| © 

| Ke) 
rich iS s S 
I il o oO & 


(ep) ® 
Im} | 22 8 


(server 
iSeries 
NetWare on iSeries 


Version 5 


© Copyright International Business Machines Corporation 2002. All rights reserved. 
US Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract 
with IBM Corp. 


Contents 


Part 1. NetWare on iSeries. 

Chapter 1. What’s new for V5R2. 

Chapter 2. Print this topic . 

Chapter 3. NetWare Enhanced Integration advantages . 


Chapter 4. Install NetWare Enhanced Integration . 


Software and hardware requirements for NetWare Enhanced Integration . 


Chapter 5. Configure NetWare Enhanced Integration 
Activate the TCP/IP protocol 
Configure TCP/IP for NetWare. 
Install Novell NetWare patches on servers 
Install the NetWare Enhanced Integration NLM on servers 


Create installation diskettes for NetWare Enhanced Integration NLMs F 


Load the NetWare Enhanced Integration NLM . 
Create a QNETWARE user profile on NetWare servers 


Enable iSeries to automatically start authenticated connections 


Set up authentication entries 


Restart iSeries after installing NetWare Enhanced Integration 


Verify communications to the NLMs. 
Define network server attributes . 


Unlink and delete NetWare NWSDs when you upgrade the release level . 


Chapter 6. Manage NetWare server connections and authentication . 


Authenticated connections process . : 

Manually start a connection to the NetWare | server . 
Details: Connections in a batch job or printing . 

Create authentication entries . -% 2a 

NetWare Directory Services. : 

iSeries authentication entry commands 

Work with NetWare connections . . 

Work with your NetWare servers from iSeries : 


Chapter 7. Manage NetWare users from iSeries 
Advantages of managing NetWare users from iSeries . 
User enrollment. . . 

QNETWARE user profile. 

Network server user attributes . 

Profile characteristics . 

NetWare object rights and attributes 

Use of multiple iSeries systems to enroll users. 
Set up your NetWare servers for user enrollment . 
Set up iSeries for user enrollment 


Create iSeries group and user profiles for NetWare < servers . 


Enroll iSeries users on NetWare . 
Specify the default list of NDS trees. . 
Enroll users when iSeries does not store passwords 
Propagate profile changes to NetWare. 
Check iSeries user enrollment status . 
User enrollment and authentication commands 


© Copyright IBM Corp. 2002 


End user enrollment 


Chapter 8. Manage NetWare volumes from iSeries . 
About NetWare volumes . : 
Access files in your NetWare volumes from iSeries : 
Create a NetWare volume 
Change a NetWare volume . 

Increase NetWare volume size ; 

Mount and remove NetWare volumes . 
Display NetWare volumes 
Delete a NetWare volume 


Chapter 9. Manage NetWare files from iSeries with QNetWare file system . 


QNetWare directory structure . 

Details: QNetWare file system . 
Authorize users to files and directories. 

Inherited Rights Filter and effective rights. 

NetWare authority and ownership 
Change file or directory ownership . 
Mount NetWare file systems : 
Display information about particular file systems . 
Copy objects . 

Example: Copying a file to the ‘QNetWare file system 


Example: Copying an iSeries database file that has packed decimal fields to the QNetWare file 


system 


Example: ILE C for iSeries program to copy an | iSeries database file to QNetWare File System. 
Considerations for using integrated file system APIs on the QNetWare file system 


Chapter 10. Save and restore NetWare data from the QNetWare directory . 


Save NetWare data through the QNetWare directory 
Restoring NetWare data through the QNetWare directory . 


Chapter 11. Print from iSeries to NetWare printers . 
iSeries-to-NetWare printing environment . : 

Set up NetWare print support . 

Start the print server function . 

Use multiple NetWare print queues . . 
Create an output queue on iSeries for NetWare printers : 
Start writers to the output queue . 


Chapter 12. Troubleshoot NetWare Enhanced Integration 
View job logs to analyze problems . . . 

Details: Events that start the QNETWARE and ‘QPRFSYNCH jobs 
User enrollment error codes bo oe ak bos 
Troubleshoot connection problems . 

Troubleshoot system operator rights problems . 
Troubleshoot communication problems ie of 
Troubleshoot QNETWARE file system problems . 


iv iSeries: NetWare on iSeries 


Part 1. NetWare on iSeries 


If you are responsible for a network that includes both iSeries servers and Novell NetWare servers, you 
recognize the [advantages] of network integration. As of V4R5 IBM® no longer supports NetWare Integration 
on an Integrated xSeries Server, but you can still use NetWare Enhanced Integration to integrate remote 
NetWare servers with your iSeries server. This feature allows you to integrate file and print services, user 
profile management, and network operations. 


Get up and running: 

* Read about in NetWare integration. 

* Display or a PDF version of this topic. Be aware that not all links show up in the printed version. 

* |Install| NetWare Enhanced Integration on your iSeries server. 

7 NetWare Enhanced Integration. Configure your choice of protocol, install code fixes, install 
the NLM on your NetWare servers, define network server attributes for your servers, and more. 

. Establish authenticated connections to your Netware sane Start a connection from iSeries server, 


create an authentication entry, or create a user profile to automate the authentication. 


Manage NetWare users and data from iSeries server: 
¢ |Manage NetWare users|from iSeries server. Understand user enrollment concepts. Set up your iSeries 


server and NetWare system for user enrollment. Create user and group profiles on iSeries server and 
enroll them to NetWare servers. 

¢ |Manage NetWare volumes.| Create, change, and delete NetWare volumes and display or print volume 
information. 


¢ |Manage NetWare files|and directories. Read about the QNetWare directory structure and how to work 
with your NetWare files and directories through the QNetWare file system. 

. your NetWare files and directories through the QNetWare file system. 

Set up your system to|print to NetWare printers. 

Troubleshoot problems] with NetWare Enhanced Integration. 


Code disclaimer information 


This document contains programming examples. 


IBM grants you a nonexclusive copyright license to use all programming code examples from which you 
can generate similar function tailored to your own specific needs. 


All sample code is provided by IBM for illustrative purposes only. These examples have not been 
thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, 
or function of these programs. 


All programs contained herein are provided to you "AS IS” without any warranties of any kind. The implied 


warranties of non-infringement, merchantability and fitness for a particular purpose are expressly 
disclaimed. 
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Chapter 1. What’s new for V5R2 


Beginning with V5R2, IBM will no longer support the following: 
1. NetWare 3.x 
2. IPX on iSeries. The only supported communications protocol for NetWare is TCP/IP. 


How to see what’s new or changed 


To help you see where technical changes have been made, this information uses: 
* The # image to mark where new or changed information begins. 
* The *€ image to mark where new or changed information ends. 


To find other information about what’s new or changed this release, see the e 


© Copyright IBM Corp. 2002 


4 iSeries: NetWare on iSeries 


Chapter 2. Print this topic 
To view or download the PDF version, select[NetWare on iSeries| (about 94 pages or 721 KB). 


Saving PDF files 


To save a PDF on your workstation for viewing or printing: 

1. Right-click the PDF in your browser (right-click the link above). 

2. Click Save Target As... 

3. Navigate to the directory in which you would like to save the PDF. 
4. Click Save. 


Downloading Adobe Acrobat Reader 


If you need Adobe Acrobat Reader to view or print these PDFs, you can download a copy from the 


(www.adobe.com/products/acrobat/readstep. html) : 
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Chapter 3. NetWare Enhanced Integration advantages 


NetWare Enhanced Integrationprovides the following advantages: 

* Gives iSeries server users access to network data. Integrated file system support allows users and 
applications to access files and directories in multiple NDS trees. An iSeries server user can easily work 
with files on any of the NetWare servers in a network such as this one: 


iSeries Operator 


NetWare 5.0 


Metyvware ax 


HNetiVare 4.2 


HMetvare Printer 


RW DGG2-7 


* Gives iSeries server users access to network printers. Print files go from an iSeries server output queue 
to a printer queue managed by the NetWare server. 
¢ Simplifies network administration with user profile and password propagation. The iSeries server group 


or user profiles and associated information are distributed to multiple NDS trees. For more information, 

¢ Simplifies network operations by allowing you to manage NetWare user connections and disk volumes 
from the iSeries server. 

¢ Keeps your network secure by authenticating each iSeries server user in NDS. 

* Connects to iSeries server by using a token-ring, Ethernet, X.25, or frame relay connection and 
Transmission Control Protocol/Internet Protocol (TCP/IP). 
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Chapter 4. Install NetWare Enhanced Integration 


This topic contains the steps to install the NetWare Enhanced Integration feature on iSeries servers: 


Attention: If you are upgrading from an earlier version of OS/400 and have NetWare data on an 
Integrated xSeries Server, be sure to first migrate that data to a remote PC server. Otherwise you will not 
be able to recover your data after upgrading to V4R5 or later versions of OS/400. At V4R5, IBM no longer 
supports NetWare Integration on an Integrated xSeries Server (5769-SA3). You cannot use the Restore 
License Program command to load a previous release of the SA3 product onto a server with V4R5 or later 
version of the operating system. The product will no longer work. 


First ensure that you have the necessary |software and hardware}to install NetWare Enhanced Integration. 


Then install the OS/400 feature, which is option 25. 


To install the NetWare Enhanced Integration on iSeries, follow these steps: 

1. Insert the CD-ROM for licensed programs. (If the licensed programs are on a different CD-ROM from 
the one you inserted, iSeries prompts you to insert the next CD-ROM.) 

2. At the server command prompt, type GO LICPGM; then select Option 11 (Install). 

3. To install NetWare Enhanced Integration, type 1 in the option column next to the entry for OS/400 
NetWare Enhanced Integration, as in this example. 


Install Licensed Prograns 


Sed Product 
Option Progr Option Description 


Ad-ns5 


Repeat this step for any additional language. 
4. For the program you just installed, install the latest cumulative program temporary fix (PTF) package 
on the iSeries. 


Type GO CMDPTF to find the PTF commands. You can find more information about PTFs in the book 


a 


Software Installation . 


5. Apply any additional PTFs. 
The latest code updates for NetWare Enhanced Integration are available on the Internet. Start at the 


iSeries Web addressP" and follow these links: 


¢ Products 

* Client/server applications 
¢ Novell NetWare 

¢ Service and Support 
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* Code Updates 


6. You have the option to either|restart your server|now or wait until after you complete the 


steps. 


Software and hardware requirements for NetWare Enhanced 
Integration 


NetWare Enhanced Integration does not require any other products as prerequisites. However, you must 
have an active TCP/IP configuration on iSeries to run NetWare Enhanced Integration. 


Software reqiurements: 


To install NetWare Enhanced Integration on your iSeries, you need this software: 


OS/400 V3R7 or later. If your iSeries is not yet running a supported version of Operating System/400, 


a 
you can find information about upgrading to the desired release in the book|Software Installation ee 
NetWare Enhanced Integration (option 25 of OS/400). 


You order this program (5722-SS1) separately as feature 2246, and there is a charge for it. This feature 
provides integration services through a NetWare Loadable Module (NLM) that you must install on each 
NetWare server in your network. An NLM is available for NetWare 4.1x, NetWare 4.2, and NetWare 5 
servers. You need one license for each NetWare server that runs the NLM. 


NetWare Enhanced Integration is available in the same language versions as OS/400. Your installation 
diskette comes in the national language version that you order. 

TCP/IP on iSeries. 

A CD-ROM version of NetWare in the national language appropriate for your country. You can use any 
of these Novell NetWare versions: 

— NetWare 4.1 Server 

— NetWare 5 Server 


You need a NetWare license for every PC server that has NetWare installed. You can migrate an 
existing license to a new server or purchase a new license from Novell. 


Hardware requirements: 


To install NetWare Enhanced Integration, you need this hardware: 


Any Version 3 Release 7 or later iSeries. 
To install NetWare on a PC with a TCP/IP connection to an iSeries, you can use one of these 
communication adapters: 

— Token-ring 

— Ethernet 

— X.25 

— Frame Relay 

— Distributed data interface (DDI) 

— Asynchronous transfer mode (ATM) 

— Asynchronous 

— Point-to-point 

— Wireless 
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Chapter 5. Configure NetWare Enhanced Integration 


Once you have installed NetWare Enhanced Integration, you must configure it before you are ready to 
manage your network. Configuring NetWare Enhanced Integration involves doing these tasks: 
1. |Activate the TCP/IP protocol]/to communicate with the NetWare servers on your network. (Systems 
before V4R3 can use only IPX. 
nstall the latest Novell NetWare patches 


nstall the NetWare Enhanced Integration NLMjon the servers. 
If you want to enroll iSeries users on the NetWare network,|create a QNetWare user|on each server. 


(Optional) You can automate many administrative tasks by changing the QRETSVRSEC system value 


to allow the server to store passwords. Doing this}enables the iSeries to start authenticated 


connections 

6. (Optional) You can|create authentication entries] for each user so that the NetWare Enhanced 
Integration support automatically starts authenticated connections as needed to the appropriate server 
in the network. If you do not create an authentication entry, you must manually start the connection 
before using most of the_administration and file system functions. For details about authentication 
entries, you can refer to 

age 21 

7. Whenever convenient after installing the NetWare Enhanced Integration product, [perform an IPL} The 
IPL mounts the QNetWare file system in the server's integrated file system. After the IPL, verify that 
the QNetWare file system is mounted by typing DSPMSG QSYSOPR on the command line and look for the 
message CPCAO8C that says 


/QNetWare file system mounted. 

8. (Optional) Once the QNetWare file system is mounted and 
TCP/IP is active, the NetWare Enhanced Integration support is available. 

9. lf your network has primarily NetWare servers, you can simplify working with those servers by 
defining network server attributes|that change iSeries command defaults. You must use this step to 
identify the NetWare servers to iSeries. 

10. If you are upgrading to Version 4, Release 5 and previously had NetWare Integration installed on an 


Integrated xSeries Server, you can save space by|unlinking and deleting network server descriptions 


Once you complete these configuration tasks, you are ready to manage your network. If you plan to 
manage NetWare users and their passwords from an iSeries server, you need to enroll the iSeries user 


profiles. Refer to|Chapter 7, “Manage NetWare users from iSeries” on page 27|for more information about 


enrolling and managing users. 


ORwON 


F 


: 


Activate the TCP/IP protocol 
Beginning with V5R2, TCP/IP is the only supported communications protocol for NetWare. 


Configure TCP/IP for NetWare 


If your system is at V4R3 or later, you can use iSeries Navigator to configure your TCP/IP connections. 
You can find more information on configuring TCP/IP in the iSeries Navigator online help. 


Note: You must also use the Change Network Server Attributes (CHGNWSA) command to specify the 
NetWare TCP/IP port and NetWare IP/ server list. “Define network server attributes” on page 18}has 


information about using this command to change system defaults. 


If you do not have iSeries Navigator, you can use the Configure TCP/IP (CFGTCP) command. To 

configure TCP/IP, follow these steps: 

1. On the iSeries console, enter the command CFGTCP. The Configure TCP/IP menu appears. 

2. Select option 12. Change TCP/IP Domain information. The Change Local Domain and Host Names 
display appears. 

3. Specify the Local domain name; then press Enter. 
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4. In the Server Address field, specify up to 3 server addresses. 


For more information about TCP/IP, you can refer to the book|TCP/IP Configuration and Referencef™as" . 
When you are done configuring TCP/IP, you are ready to|install Novell NetWare patches} on the servers. 


Install Novell NetWare patches on servers 


You need to install the latest Novell NetWare patches on each server in the NDS tree. Novell provides 
these patches on its home page on the World Wide Web. 


Installing NetWare patches: 


To get Novell NetWare patches from the Web, do this: 
1. Go to one of these Web addresses: 


¢ First try the|Novell patch site a. 
* If that does not work, go to/Novell home pagef*" . At that Web site, select Technical Support. 


2. Select Minimum Patch List. A page with lists of Novell patches should appear. 
3. Download the appropriate patches for your environment and apply them to your NetWare servers. 


Installing NetWare-J Patches: 


To get NetWare-J patches from the Web, do this: 


1. Go to this Web address: |Novell-J patch site ha 


2. Select the product from the list of Novell patches that appears. 
3. Download the patches and apply them to your NetWare servers. 


When you are done installing the NetWare patches, you are ready to|install the NetWare Enhanced 
Integration NLM 


Install the NetWare Enhanced Integration NLM on servers 


You must install and load the NetWare Loadable Module (NLM) appropriate for your version of NetWare on 
the servers that you will manage from iSeries. The NLM must be running on at least one server in the 
NetWare Directory Services (NDS) tree. The best solution is to run the NLM on all, or most of, the 
NetWare servers in the tree. 


To install the NLMs, do this: 

1. [Create installation diskettes|and apply any needed PTEs. 

2. Use NetWare LOAD commands to 

Create installation diskettes for NetWare Enhanced Integration NLMs 


NetWare Enhanced Integration provides an installation diskette image with NetWare Loadable Modules 
(NLMs) that you must install on each server that you will manage from iSeries. IBM sometimes posts 
updates to the NLMs on the Internet Web site and updates the installation diskette image in a program 
temporary fix (PTF). Consequently, you can get the NLM to create updated installation diskettes and to 
update your servers from either of those sources. To create updated installation diskettes, do this: 

1. Get the NLMs you need by either of these methods: 


* Download the NLMs\/from the Interne >. Then load them on your servers. 
* JApply the iSeries PTF] with the updated installation diskette image. You might also need to apply a 
PTF on NetWare servers that are already in your network. 
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When you apply the PTF, the updated installation diskette image goes in the QDLS directory in the 
Integrated File System. If you are using iSeries Access, you can download the diskette image from 
QDLS and rebuild the installation diskette. 


To create updated installation diskettes, use one of these methods: 
* Use if you have it installed. This is the shorter method. 
¢ Use|NetWare Enhanced Integration| already installed on a server. To use NetWare Enhanced 


Integration to create the diskettes, you must first use the diskettes that are shipped with the product 
to|install NetWare Enhanced Integration 


Apply a PTF to a NetWare Enhanced Integration NLM 
If IBM provides a PTF for the iSeries NetWare Enhanced Integration NLM, you need to apply the PTF on 
each NetWare server to be updated: 


1. 
2. 


Load the NetWare Enhanced Integration NLM on the server if the NLM is not already loaded. 


At the server's console, enter this command: 
modules 


The description of the NetWare Enhanced Integration NLM provides its version number. If the version 
currently on the server is equal to or greater than the NLM version listed in the PTF cover letter, you 
do not need to update the NLM on this server. In that case, skip the remaining instructions. 

Copy the updated NLM to the server. 


The following method for doing this uses the iSeries integrated file system to copy the NLM. Other 
methods for copying the updated NLM are possible using iSeries Access and a NetWare client 
workstation or FTP and a NetWare client workstation. These methods are not described here. 

On the iSeries system where the PTF was installed (NetWare Enhanced Integration must be installed), 
do this: 

a. Ensure that your user ID is enrolled in the system directory. 


You must be enrolled in the system directory to access /qd1s/qfpntwe. If you are not enrolled in 


the directory, use the ADDDIRE command to enroll. 
b. |Establish a connection}to the server. 
c. Remove the link and copy the object, substituting the name of your server for server? 


If the server is running NetWare 4.1 or higher run 
RMVLNK OBJLNK('/qnetware/serverl.svr/sys/as4nw/as4nw410.n1m') 


CPY OBJ('/qd1s/qfpntwe/as4nw410.n1m') 
TODIR('/qnetware/serverl.svr/sys/as4nw' ) 

Unload the NetWare Enhanced Integration NLM and reload the updated NLM. 
Wait until the server’s file system is not in use by the integrated file system of any iSeries system. 
If the server is running NetWare 4.10 or higher, run these commands at the server's console: 
unload as4nw410 
load sys:as4nw\as4nw410 
When you apply a PTF to a NetWare Enhanced Integration NetWare Loadable Module (NLM), iSeries 
does not automatically activate the changes. The PTF puts the updated version of the NLM into the 
iSeries integrated file system in the /qd1s/qfpntwe directory. To activate the changes when applying a 
PTF to an NLM, copy the appropriate NLM from the iSeries integrated file system to the AS4NW 
directory on the SYS: volume of each NetWare server in your network that has the NetWare Enhanced 
Integration NLM product installed on it. 


If you remove the PTF after applying it temporarily, follow the same activation procedures to restore the 
previous version of the NLM on each server that you updated. 


Method 1: Use iSeries Access to create updated installation diskettes 


This |disclaimer information|pertains to code examples. 


1. 


From a DOS prompt on a PC that is running iSeries Access, change to the QFPNTWE folder. 
For iSeries Access for DOS or DOS Extended: 
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CD I:\QFPNTWE 


For iSeries Access for Windows: 


CD 1:\QDLS\QFPNTWE 
2. Run the QFPNLMDK.BAT file to create the desired diskette. 


There are 3 parameters: 
* Source Drive Letter 

* Target Drive Letter 

* NLM version to create. 


QFPNLMDK I A 4 where I is the source drive 
where A is the target drive 
where 4 is to create 4.10 diskettes 


QFPNLMDK I A 411 where 411 is to create 4.11 diskettes 


QFPNLMDK I A 5 where 5 is to create 5.0 diskettes 

CD I:\QFPNTWE - for iSeries Access for DOS or DOS Extended 
-or- 

CD I:\QDLS\QFPNTWE - for iSeries Access Express for Windows 


3. Insert a diskette into your target drive (A:) when prompted and press ENTER. 


The diskette is formatted. 
4. Answer N to the questions about formatting another diskette. 


Files are copied to the target drive, and you receive a success message when completed. When your 

installation diskettes are ready, |load the NetWare Enhanced Integration NLM|on your NetWare servers. 
Method 2: Use the NetWare Enhanced Integration NLM to create updated 
installation diskettes 


This method requires that the NetWare Loadable Module (NLM) for NetWare Enhanced Integration is 
already on at least one NetWare server. 


ee disclaimer information|pertains to code examples. 


Copy the contents of the QFPNTWE folder to a NetWare server that is running the NetWare Enhanced 
Integration NLM. 
SERV in the examples is the name of the NetWare server. 
a. Use the iSeries MKDIR command to create the required directories on a NetWare server. 
MKDIR DIR('/QNETWARE/SERV.SVR/SYS/QFPNTWE') CRTOBJAUD (*NONE) 
MKDIR DIR('/QNETWARE/SERV.SVR/SYS/QFPNTWE/NLS) CRTOBJAUD(*NONE) 


MKDIR DIR('/QNETWARE/SERV.SVR/SYS/QFPNTWE/NLS/0) CRTOBJAUD(*NONE) 
MKDIR DIR('/QNETWARE/SERV.SVR/SYS/QFPNTWE/NLS/1) CRTOBJAUD(*NONE) 


Continue through directory /QNETWARE/SERV.SVR/SYS/QFPNTWE/NLS/21 
b. Copy the contents of the directories from QFPNTWE to the NetWare server. 


CPY OBJ('/QDLS/QFPNTWE/*') TODIR('/QNETWARE/SERV.SVR/SYS/QFPNTWE' ) 
CPY OBJ('/QDLS/QFPNTWE/NLS/0/*') 
TODIR('/QNETWARE/SERV.SVR/SYS/QFPNTWE/NLS/0') 


Continue through directory /QDLS/QFPNTWE/NLS/21/ 
2. From a NetWare client PC, map a drive to the servers SYS volume. 


MAP I:=SERV\SYS: 
3. From a DOS prompt change to the QFPNTWE directory on the NetWare server. 


CD I:\QFPNTWE 


4. Goto step [2] and complete the steps under|Method 1: Use Client Access 
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Load the NetWare Enhanced Integration NLM 


To use NetWare Enhanced Integration functions on a NetWare server, you must install the appropriate 
version of the NetWare Loadable Module (NLM). You do this with a NetWare console LOAD command. 
You can run this command either on the NetWare server console or remotely from iSeries by using the 
RCONSOLE utility. You might want to first read about the options that these|LOAD commands provide that 


allow_you to tailor your environment. When you are done loading the NLM on your servers, the next step 
is to|create a QNETWARE userjon those servers. 


To install the as4nw410.nlm on the NetWare 4.x, and 5.x servers: 
1. Put the installation diskette for the NetWare 4.x or 5.x server in the diskette drive on your PC. 
2. Bring up RCONSOLE. 
3. Select and log in to the NetWare server. 
4. On the RCONSOLE display: 
¢ For NetWare 4x, type LOAD INSTALL 
* For NetWare 5.x, type LOAD NWCONFIG 
Select Product options. 
Select Install a product not listed. 
Press F4, remote workstation path, and type >A:\. 
If you are installing on NetWareJ 4.10 servers, the path is A:\NLS\9, not just A:\. 
8. Press Enter, and a menu appears that indicates which file groups to install. 
* For NetWare 4.10, select VOLLIB.NLM and PARTAPI.NLM if you do not have the latest changes 
from Novell. 
¢ For NetWare 4.11 and NetWare 5.0, unselect NWPSRV.NLM and PARTAPI.NLM as these are 
already provided with NetWare. 


NOOO 


If a later version of the NLMs already exists on your server, the files are not replaced with the versions 
that are on the diskette. 

9. Press ESC or Alt-F3 to return to the RCONSOLE display, and type: LOAD 
SYS: AS4NW\AS4NW410/tcp=nnnn, where nnnn is the new port value. 


LOAD AS4NW410 command 
The LOAD AS4NW410 console command loads the appropriate version of the NetWare Enhanced 


Integration NetWare Loadable Module (NLM) for NetWare 4.1 or NetWare 5. 


The LOAD command provides options that allow you to tailor your environment: 
/MAXCNN= 
Specifies the maximum number of concurrent connections from iSeries hosts that can be active to this 
server. Specify a value in the range 1 to 100 connections (or use the default of 50 connections). 
/CLSALLIDL 
Specifies to close connections with open files that have been idle for the amount of time you specify 
when you start the connection. iSeries uses a default value of 15 minutes for connections or the time 
you set with the CNNIDLTIME parameter on the STRNTWCNN command. 


If you do not specify this parameter, the system closes only connections with no associated open files 
when the specified CNNIDLTIME value has passed. 

TCP 
Specifies use of TCP/IP protocol. You can follow this with a port number. The default is 20199. You 
can change this default value by using the CHGNWSA command to|define network server attributes} If 
you do that, you must load the NetWare Enhanced Integration NLM with the parameter /tcp=xxxx, 
where xxxx is the new default port value. 

/SRBUFNUM 
Specifies the number of buffers (between 2 and 10 inclusive) to use in a Save/Restore session. The 
default is 3. 

/SRBUFLEN 
Specifies the length of each buffer to use in a Save/Restore session. The length must be between 64K 
(65536) and 1M (1048576) inclusive. The default is 320K (327680). 
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To load the NLM on a NetWare 4.1 server, enter this command: 
LOAD AS4NW410 /CLSALLIDL 


This command loads the NetWare 4.1 version of the NetWare Enhanced Integration NLM. It changes the 
server path environment variable to include the directory SYS:/AS4NW by using a search add statement in 
AUTOEXEC.NCF. Use the Install utility to edit AUTOEXEC.NCF. The maximum number of allowed 
connections is the default value of 50. Idle connection processing closes all idle connections, regardless of 
whether they have associated open files. 


To load the NLM on a NetWare 5 server, enter this command: 
LOAD AS4NW410 /TCP 


This command loads the NetWare 5 version of the NetWare Enhanced Integration NLM. It changes the 
server path environment variable to include the directory SYS:/AS4NW by using a search add statement in 
AUTOEXEC.NCF. Use the NWConfig utility to edit AJTOEXEC.NCF. The maximum number of allowed 
connections is the default value of 50. This command specifies use of the TCP/IP protocol. 


NetWare language names and identifiers 
NetWare requires that you provide a language identifier as well as a language name. The language 
identifier must match the language name. The following table lists languages and their identifiers: 


Table 1. NetWare language names and numbers 


NetWare language number NetWare language name NetWare language identifier 
0* FRAN_CAN French Canadian 
1 i CHINESES Chinese-Simplified 
2 DANSK Danish 
3* NEDERLAN Dutch 
4* ENGLISH English 
5 SUOMI Finnish 
6* FRANCAIS French (France) 
t DEUTSCH German 
8* ITALIANO Italian 
9* NIHONGO Japanese 
10* KOREAN Korean 
11 NORSK Norwegian 
12* PORTUGUE Portuguese (Brazil) 
13* RUSSKI Russian 
14* ESPANOL Spanish (Latin America) 
15 SVENSKA Swedish 
16* CHINESET Chinese-Traditional 
17 POLSKI Polish 
18” PORT_PRT Portuguese 
19” ESPA_ESP Spanish (Spain) 
20 MAGYAR Hungarian 
21* CESKO Czech 


The asterisk (*) represents languages for which a message file exists. 


The plus (+) symbol indicates that the Russian message files may not exist in NetWare. If you select 
Russian and message files do not exist, NetWare uses the default message file instead and indicates the 


substitution with a message. 


If this table does not include the language you need, refer to the Novell NetWare CD-ROM and 


documentation to determine the language name or identifier. 
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For NetWare 4.10, you can find the language name in the NW410\INSTALL\ directory. For NetWare 4.11 
and 5.0, look for the language name in the PRODUCTS\NW411\_\411\LOGIN\NLS\ directory. 


For NetWare 4.10, you can find the language number in the directory:.\NW410\BOOT\NLS on the 
CD-ROM. 


For NetWare 4.11 and 5.0, you can find the language number in the 
PRODUCTS\NW411\_\411\SYSTEM\NLS\ directory. 


Create a QNETWARE user profile on NetWare servers 


You can use the features of NetWare Enhanced Integration without enrolling iSeries users on NetWare, 
particularly if you are not concerned about synchronizing passwords. You might not want to enroll a user 
who just wants to use NetWare printers, for example. However, enrolled users have more automated 
access to the servers in your network and do not have to worry about changing their passwords on 
multiple systems. 


To enroll iSeries users on NetWare, you need alQNETWARE user profile]on iSeries and on all NDS 
servers that you manage from iSeries. The installation automatically creates the QNETWARE user on 
iSeries. You need to lreate the ONETWARE users|on your NetWare servers. The QNETWARE user 
profile must have ADMIN authority in each NDS tree on which you want to enroll users. If you do not want 
to enroll iSeries users on your NetWare servers, go to[Restart iSeries | 

Enable iSeries to automatically start authenticated connections 


By default, iSeries is set to not store passwords for remote systems. Therefore, enrollment for group 
profiles and user profiles is delayed until the iSeries can access the profile’s password. Without stored 


passwords, the system cannot automatically start authenticated connections to NetWare servers. You must 
manually each time you sign on and want to connect to a specific server. 

If you want the iSeries to automatically start authenticated connections to NetWare, you must enable the 
system to save password information with authentication entries. You do this by changing the 
QRETSVRSEC system value from its default of 0 to the value 1. Doing this speeds up user access. If you 


have an authentication entry, you only need to specify the NetWare server to start a connection. There are 
security implications to storing passwords, however. A trusted user who has ALLOBJ authority and access 


to service tools such as SST and DST could find the passwords on your server and decrypt them. If you 
choose not to let iSeries store passwords, you can still on NetWare. 
To change the QRETSVRSEC system value: 


1. On the iSeries command line, type WRKSYSVAL SYSVAL(QRETSVRSEC). 
2. When the Work with System Values display appears, use option 2 to change the system value to 1. 


Set up authentication entries 


If you want to automate connections to the appropriate servers in your network, you need authentication 


entries for each iSeries user that uses the NetWare Enhanced Integration support. 
¢ For information about authentication entries, you can refer to}Chapter 6, “Manage NetWare server 


connections and authentication” on page 21 
* For information about automatically creating authentication entries, you can refer to[‘Create] 
authentication entries” on page 23 


Restart iSeries after installing NetWare Enhanced Integration 


You can restart your iSeries any time after installing the licensed program for NetWare Enhanced 
Integration. Wait until now if you want to complete the previous configuration steps before running the 
PWRDWNSYS command. To restart the iSeries, follow these steps: 
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1. On the iSeries command line, enter the PWRDWNSYS command and specify *YES for the RESTART 
parameter. Doing this activates the QNetWare file system that NetWare Enhanced Integration uses. 
2. To verify that the QNetWare file system is mounted, wait until the system restarts. Then enter: 


DSPMSG QSYSOPR 


Look for the message CPCAO8C that says: 
/QNetWare file system mounted 


Verify communications to the NLMs 


Enter the PING command to verify that iSeries can communicate with the server. Communication between 
the server and iSeries should enable NetWare Enhanced Integration to work. 


Define network server attributes 


If you have primarily NetWare servers on your network, you can simplify working with those servers by 
changing default values on a system-wide basis. Many network server commands, such as DSPNWSUSR 
and WRKNWSSTS, allow you to specify *NWSA for a given parameter to indicate that iSeries should use 
information from the network server attributes. 


For example, if you plan to enroll most of your iSeries users on the same set of NDS trees, you can 
simplify enrollment by first defining a default list of those trees. Then when you enroll users, you can refer 
to that list of default attributes by specifying *NWSA on the appropriate command parameters. Adding or 
removing network servers is also simpler because you change the default server list instead of manually 
updating all the profiles that refer to it. 


When you are running TCP/IP, you must use the CHGNWSA command to add the TCP/IP names of the 
NetWare servers. Enhanced Integration for Novell NetWare uses this list of names to find the TCP/IP 
NetWare servers. (This is the only place that iSeries uses the TCP/IP name of the NetWare server. After 
identifying NetWare servers from this list, NetWare Enhanced Integration knows the servers by their 
NetWare server names, not their TCP/IP names.) 


In addition, you can change the default value of the TCP/IP port from 20199 to some other value. If you 
change the default port value, you must load the NetWare Enhanced Integration NLM with the parameter 
/tcp=nnnn, where nnnn is the new port value. If you decide to change this value after loading the NLM, 
you must unload and reload the NLM with the new value. 


To set these attributes on an individual user profile basis instead, you can use the |CHGNWSUSRA 
command. 


Network server attributes are saved by the Save System (SAVSYS) command. Network server attributes 
are restored to the system when the operating system is installed. 


To define network server attributes, enter the Change Network Server Attributes (CHGNWSA) command: 
1. On the iSeries command line, type CHGNWSA and press F4. The Change NWS Attributes display 
appears. 
2. Fill in the values you want for your system defaults. Here are suggestions: 
* The original default *ALL for Prompt control shows all the parameters. To have iSeries show only 
parameters that are relevant to NetWare, you can change this value to “NETWARE. 
¢ If NetWare is the predominant server type in your network, change the value for the Default server 
type field to “NETWARE. 
* For the NDS tree, specify the tree that your iSeries uses most often when accessing the network. 
¢ Specify the complete path name for that NDS tree in the NDS context field. Defining the context 
here enables you to use *NWSA on other CL commands that have an NDS context parameter. If 
you do not set an NDS context, iSeries defaults the context to *ROOT. 
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* To connect to NetWare servers over TCP/IP, you must specify values for the TCP/IP port and 
NetWare IP server list fields. 

* The NDS Tree list field has the default tree list for user enrollment. 
has information about this parameter. 


Unlink and delete NetWare NWSDs when you upgrade the release level 


If you are upgrading to Version 4, Release 5 and above, and previously had NetWare Integration installed 
on an Integrated xSeries Server, you can save space by doing system cleanup. To remove links and 
delete storage spaces that remain from before your reinstallation, use the Work with Network Server 
Storage Spaces (WRKNWSSTG) command. 


To unlink and delete leftover network server descriptions (NWSDs), do this: 

1. Onan iSeries command line, type WRKNWSSTG and press Enter. 

2. Look for “NETWARE in the Format column to identify network server descriptions that you want to 
delete. 

3. Check for a server name in the Server column that is associated with that network server description. 
If a Server name appears, you must first unlink the NWSD before deleting it. 


To remove a link, type 11 in the Option space before the NWSD name. 

4. Once the NWSD has no links, you can delete it by typing 4 in the Option space before the NWSD 
name. 

5. Repeat these steps for each NetWare NWSD in the list. 


Note: These are the only command options still available for your NetWare NWSDs for V4R5. 
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Chapter 6. Manage NetWare server connections and 
authentication 


Most administrative, printing, and file system functions require that you have anjauthenticated connection 


from iSeries to a NetWare server that runs the NetWare Enhanced Integration NLM. You can think of this 
as the iSeries user's logging on to the server. 


To make this connection, you must have a NetWare user name and password. In most cases the NetWare 
user name and the iSeries user profile should be the same. When they are different, you identify the 
NetWare user name that you want to use for the connection in one of these ways: 

* By specifying it when you manually start the connection. 

* By specifying it in the NetWare authentication entry. 


You can establish connections in these three ways: 

* Directly by|manually starting a connection] with the STRNTWCNN command. This connection is active 
only until the user signs off (whereas setting up an authentication entry automates this process). Use 
this method when you need to specify: 

— The iSeries user profile authorized to use the connection (for example, when the NetWare user 
name and the iSeries user profile are different). 


Only jobs running under the specified iSeries user profile name can use the connection. 

— The job that is authorized to use the connection. 
The connection can be used by either the current job or by any job running under the specified user 
profile name. 

— The type of authentication to be performed. 
For example, NetWare backup services require a separate authentication in addition to a normal 
user login. 


¢ Indirectly by|creating an authentication entry| for the NetWare Directory Service (NDS)|tree that the 


server is in. Once you create an authentication entry, iSeries automatically starts a connection when 
necessary. Using authentication entries greatly enhances usability. 


* Indirectly by using |iSeries user enrollment} which has iSeries automatically create the authentication 


entries. Again the authentication entry enables iSeries to start connections automatically. 


You can also display and work with connections and authentication entries in these ways: 


* If you want to display or end a connection, see|“Work with NetWare connections” on page 24 


* To add, change, delete, or display authentication entries for a specific iSeries profile, see 
authentication entry commands” on page 24 
* Once you have established a connection to a NetWare server, you can|work with that server] from your 


iSeries console. 


Authenticated connections process 


When you enter a request to an NDS tree, iSeries searches for an authentication entry for that tree or 
server. If it finds an authentication entry, or when you use the STRNTWCNN command, iSeries attempts to 
start an authenticated connection to the server. The NetWare server receives the connection request and 
authenticates your access by verifying that the NetWare user name and password are valid. If they are 
valid, iSeries starts the connection and forwards your administrative, printing, and file system requests to 
NetWare. 


If iSeries finds an authentication entry but the password is not stored with it, you only need to specify the 
server to which you want to connect and the NetWare user password on the STRNTWCNN command. 
iSeries uses the other information in the authentication entry, such as the NetWare user name, to issue the 
connection request to NetWare. 
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Manually start a connection to the NetWare server 


If you do not have an authentication entry for a NetWare server, you can manually start a connection to 
the server. You do this by using the Start NetWare Connection (STRNTWCNN) command. If you are|using| 
first read that topic for special considerations. 
To start a connection to a NetWare server, do this: 
1. Onan iSeries command line, type STRNTWCNN and Press F4. (You can also start a connection by 
typing WRKNWSSTS at the command line and pressing Enter. Then page down to the server and type 10 


(start connection).) 
2. In the Server field, specify the name of the NetWare server to which you want to connect. 


You can start connections to any server within an NDS tree by using the «ANY value. You can specify 
*ALL to start connections to all servers within the tree you specify on this command. If multiple 
connections exist, operations that do not require a specific server will use the first connection that 
was started. 

3. In the Server type field, specify either: 
e «SERVER for iSeries to determine the type of the target server 


If you specify *ANY or *ALL in the Server field, you cannot specify «SERVER here. 
¢ «NDS for a NetWare 4.1 or NetWare 5 server 

4. Specify the name of the user. Only jobs running under this iSeries user profile can use the 
connection. To start a connection for another user profile, you need *USE authority to that user 
profile. 

5. If the user profile has no authentication entry or you want to use different authentication information 
than the user profile contains, enter values for the rest of the fields. If the user profile has an 
authentication entry, that entry identifies these values: 

* The server or NDS tree 
¢ The user name for each server or NDS tree that you want to access 
* Optionally, the password that is used to log in to the server or tree. 


To have iSeries retrieve these values from the authentication entry, use the special value, *AUTE. If 
you did not[set up iSeries to save passwords] specify the NetWare password. 
6. In the Authorized job field: 

¢ If you want the connection to be available only to the current job (necessary to access the file 
system), use the default (*). Connections that are limited to the current job end during end job 
processing. Because ending connections requires communication with the server, jobs take longer 
to end (possibly several minutes, depending on the state of the server). 

¢ If you want to make the connection available to any job, change the value to *ANY. Use this value 
to run batch jobs and for printing to a NetWare print server when a connection cannot be started 
by using an authentication entry. 

7. Page down to see additional parameters. 
8. In the Connection type field, specify whether the connection is: 

* A normal user sign-on (*USER). Specifying “USER for the connection type establishes a connection 
that is similar to logging in from a NetWare client. You need a *USER connection to access files 
and directories on the server and to perform server administration tasks such as creating volumes 
or submitting console commands. 

* Aconnection to the NetWare Storage Management Services (SMS) NLMs (a *SAVRST connection). 
A *SAVRST connection requires that these NLMs be present on the server, either already loaded 
or in the server's search path: 

NetWare 4.10 -- SMDR.NLM, TSANDS.NLM, TSA410.NLM 


NetWare 4.11 -- SMDR.NLM, TSANDS.NLM, TSA411.NLM 
NetWare 5 -- SMDR.NLM, TSANDS.NLM, TSA500.NLM 


The *SAVRST connection must use the same user name and password as are used to start the 


*USER connection. 
9. You can use the Connection idle time field to do this: 
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* Force a connection to remain active indefinitely. You might want to use this (along with «ANY in the 
cae oe a ee ee eee 

* Allow the system to automatically close connections that have not been used for a specified period 
of time, possibly to reduce the number of active connections. This value defaults to 15 minutes. 


10. Press Enter to start the connection. 


If you have trouble starting the connection, see the topic on troubleshooting|authentication errors 


Details: Connections in a batch job or printing 


You can use connections in a batch job or for printing. However, doing this involves special considerations: 

¢ Whether or not an authentication entry for the desired tree or server exists for the iSeries user profile 
under which the job will run. 

¢ Whether or not there is a password. 

¢ Whether or not QNetWare file system access is required. 


If an authentication entry exists for the iSeries user profile under which the job will run, and the profile 
contains the correct NetWare user name and password, the system can start the necessary connections. 
No special action is required. 


If no authentication entry exists, or there is no password in the authentication entry, you must|start al 
manually in one authentication entry. To start this connection manually, you have two options: 
1. From an interactive job, use the STRNTWCNN command, specifying the batch job’s iSeries user 
profile and an authorized job value of *ANY. For example: 
STRNTWCNN SERVER(X) AUTUSR(batch-usrprf) AUTJOB(*ANY) 
PASSWORD (XXX) 


or 


STRNTWCNN SERVER(X) AUTUSR(batch-usrprf) AUTJOB(*ANY) 
NDSCTX (XXX) NTWUSER(XXX) PASSWORD (XXX) 
2. Have the batch job start the connection, but specifying AUTUSR(*CURRENT) and AUTJOB(*) (these 
are the command defaults). For example: 


STRNTWCNN SERVER(X) NTWUSER(XXX) PASSWORD (XXX) 


The QNetWare file system requires a connection for the current job (AUTJOB(*)). This means that to 
access the QNetWare file system from a batch job, you must either: 
° Have anlauronicaion Srtniin the batch user profile that contains the proper password. (This requires 
ou to enable iSeries to save passwords (see 
connections” on page 17) 


¢ Have the batch job start the connection, specifying AUTJOB(*) as described above. 


Create authentication entries 


Before starting a requested connection to a NetWare server, iSeries searches for an authentication entry 
for that server. You can create authentication entries to store the user name and password for each NDS 
tree to which users require connections in two ways: 

¢ Manually by using the Add NetWare Authentication Entry (ADDNTWAUTE) command to create an 


authentication entry. 
¢ Automatically by|“Enroll iSeries users on NetWare” on page 33] When you create authentication entries 


automatically, the name of the iSeries profile and NetWare object and the passwords must match on 
iSeries and all the NetWare servers to which you want to connect. 


Note: Although iSeries users can have multiple NetWare user objects, they can have only one 
authentication entry for an iSeries profile per NDS tree. Therefore, create the authentication entry to 
access the NetWare user object that they use most often. 
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To create an authentication entry manually, do this: 

1. If you want iSeries to save password information with the authentication entry to[automatically star] 
Bc inoniceted connectonal NetWare, first change the QRETSVRSEC system value. 

2. Onan iSeries command line, type ADDNTWAUTE and press F4. 

3. For either NetWare 4.1 or NetWare 5, in the Server type field, specify *NDS and press Enter. 

4. To access NetWare with a different user profile than the one you are using on iSeries, specify that user 
profile in the NetWare user field. 


“iSeries authentication entry commands”|shows the commands to add, change, delete, or display 


authentication entries for an iSeries user profile. 


NetWare Directory Services 


NetWare Directory Services (NDS) is a relational database that is distributed across a NetWare network. 
NDS treats network resources as objects in a distributed database that is called the Directory tree and 
controls access to those objects according to the rights granted to users. 


iSeries authentication entry commands 


To display the authentication entries for an iSeries profile, use the Work with NetWare Authentication 
Entries (WRKNTWAUTE) command. Just type WRKNTWAUTE on an iSeries command line and press Enter. 
You can use this command to add, change, or delete authentication entries for a specific iSeries profile by 
selecting the option you want. You can also use these commands: 

¢ ADDNTWAUTE 

* CHGNTWAUTE 

¢ VFYNTWAUTE 

¢ RMVNTWAUTE 

¢ DSPNTWAUTE 


For cleanup purposes only, the RMVNTWAUTE and DSPNTWAUTE commands are the only commands 
allowed to work with NetWare 3.x. 


Work with NetWare connections 


Once you establish a connection to a NetWare server, you can use the Work with NetWare Connection 
(WRKNTWCNN) command to work with that connection. This command enables you to do this: 
* End the connection to the server. This is equivalent to CLEAR STATION in NetWare. 


Be careful when you end connections. Ending a connection while in the middle of a transaction or file 
update can cause incorrect data to be saved. 
¢ Display connection information for: 
— All connections between this iSeries system and a NetWare server 
— All connections on the NetWare server 
¢ Print the connection information that appears on the Display NetWare Connection screen. 
* Work with the iSeries job that is associated with the connection. 


To work with your NetWare connections, follow these steps: 

1. On an iSeries command line, type WRKNTWCNN and press F4. 

2. Specify the server you want. 

3. In the Category field, specify whether you want to work with the local connection (from iSeries to the 
server) or connections on the server. Press Enter. 


If you usually want to work with “SERVER category connections rather than with local connections, 
you can change the command default. Use the CHGCMDDFT command to change the category 
(CGY) default: 


CHGCMDDFT CMD(WRKNTWCNN) NEWDFT('CGY(*SERVER) ') 
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The object name displayed on the *SERVER display is relative to the current context of the job (which 
ou set by using the CHGNDSCTX command or permanently by using the |CHGNWSA|or 
ICHGNWSUSRA|commands). You can find more information about user context in 
4. Select the option you want and press Enter. 


Alternatively, you can use these commands: 

1. Type WRKNWSSTS, select option 11, press F4, and specify «SERVER. 
2. ENDNTWCNN 

3. DSPNTWCNN 


You can also|work with server] connections by selecting option 11 from the WRKNWSSTS display, then 
pressing F4. Specify «SERVER. 


Work with your NetWare servers from iSeries 


After you establish a connection to a NetWare server, NetWare Enhanced Integration enables you to work 
with that server from your iSeries console. You can display information about the servers, such as whether 
they are active, and work with connections, volumes, and user enrollment. 


To do this, use the Work with Network Server Status (WRKNWSSTS) command: 
1. Onan iSeries command line, type WRKNWSSTS SVRTYPE(*NETWARE) and press Enter. iSeries shows a list 
of servers, lets you know whether they are active, and provides options for working with them. 


Note: If you|defined network server attributes} to have iSeries show only NetWare servers by default 


instead of all servers, you need to type only WRKNWSSTS. 
2. Type the appropriate number for the action you want to take by the server name and press Enter. 
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Chapter 7. Manage NetWare users from iSeries 


NetWare Enhanced Integration includes support that enables you to enroll iSeries group and user profiles 
on one or more NDS trees. User enrollment enables you to easily manage NetWare users from a 
centralized location and simplifies access to NetWare servers. 


This support is not intended to completely replace your use of NetWare administration tools, such as 
SYSCON and NetWare Administrator (NWADMIN). However, it has certain 


To take advantage of this integration, do this: 

1. First road|fUsarenrolmentl These topics describe the process of user enrollment and discuss some 
considerations to keep in mind as you plan for user enrollment and management of NetWare users 
from iSeries. 


Set up your NetWare servers|for user enrollment. 
Set up your iSeries] for user enrollment. 


Create iSeries group and user profiles} for the users that you want to enroll. 
Enroll those users on NetWare} This page includes example command strings that you can use. 
After you enroll users, you can do this: 


Check their enrollment status 
Use these commands to jextend profile changes 


¢ Use these commands to|work with user profiles 
If you have trouble with user enrollment, see |Chapter 12, “Troubleshoot NetWare Enhanced Integration” on 
page 71] 71 


our wh 


from iSeries to NetWare. 


Advantages of managing NetWare users from iSeries 


Managing NetWare users from iSeries gives you these advantages: 
¢ Central user ID administration 


You can manage enrollment of iSeries and PC users on NetWare from a single iSeries. You can add, 
remove, or change users or groups on selected NDS trees by making changes from iSeries. You can 
also display information on iSeries that shows which users are enrolled and on which NDS trees. 

¢ Automatic extention of iSeries user profile attributes 


If a password for an iSeries user profile changes, that change automatically spreads to the 
corresponding user object on all of the NDS trees that you specify. This function is especially helpful 
when managing users who are defined on several NetWare servers. 


Other user profile attributes extended to NetWare include the text field, profile login script, password 
expiration interval and expiration date, and login expiration date. 
¢ Automatic creation of NetWare group and user objects 


You can automatically create NetWare objects by enrolling iSeries users and groups on NetWare. When 
you enroll a group, you can also enroll all of its members. The new NetWare group and user objects are 
created with the same name as their iSeries profiles. 

¢ Automatic creation of NetWare authentication entries 


When you enroll users on NetWare, iSeries automatically creates an authentication entry associated 
with the users’ iSeries profile to allow easy access to NetWare services. iSeries uses the authentication 
entry to verify authorization to NetWare when starting a connection to a NetWare server. 


User enrollment 


When you plan for user enrollment and management of NetWare users from iSeries, you might find the 
information in these topics helpful. These topics describe the process of user enrollment and discuss 
considerations to keep in mind: 
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¢ |“QNETWARE user profile”|tells how iSeries uses this profile that you create for your NetWare servers. 
* |“Network server user attributes”|tells how network server user attributes preserve network information 
f or user profile. 


or a group 
* |“Profile characteristics” on page 29|describes the ways iSeries and NetWare treat group profiles 


differently, provides tips on using group profiles, and tells which profile attributes extend to NetWare. 
° /“NetWare object rights and attributes” on page 31] discusses options for creating groups and defining 


their security rights. 
* |“Use of multiple iSeries systems to enroll users” on page 31]tells why you should use completely 


separate user profile sets when you enroll a user to multiple iSeries systems. 
QNETWARE user profile 


The QNETWARE user profile on iSeries and NetWare enables iSeries user enrollment to NetWare. 
Therefore, you must rate a GNETWARE user object in the bindery in each NDS tree that you want to 
manage from iSeries. The QNETWARE user object must have ADMIN authority to be able to create 

objects and to manage passwords in the network. Although doing so is not prohibited, you should not use 


the QNETWARE user object to log in to NetWare from a client workstation. 


When you install NetWare Enhanced Integration, iSeries automatically creates the QNETWARE user 
profile in the disabled state. It is not allowed to run iSeries jobs; QNETWARE’s only purpose is to enroll 
iSeries users and to extend iSeries profile information to NetWare. 


iSeries uses the QNETWARE user profile to log on to each NetWare server, as in the figure below. iSeries 
then communicates with the NetWare Enhanced Integration NLM, sending the commands necessary to 
enroll iSeries users and to update group and user profile information in the network. 


QNETWARE 


QNETWARE QNETWARE 


AS4NVWnnn. WLM AS4h/nnn. HLM 
Py S DTT -3 


Network server user attributes 

The iSeries network server user attributes preserve network information for a group or user profile. Many 
of the administrative commands use some of this information, such as the default server type, default 
context, and default NDS tree. The network server user attributes also contain a list of NDS trees (and 
associated user information) that are used by the user enrollment support to enroll the user or group on 
NetWare. 


28 iSeries: NetWare on iSeries 


You can set defaults for this same information on a system-wide basis by using the Change Network 
Server Attribute (CHGNWSA) command (described in|“Define network server attributes” on page 18 
To specify these attributes on an individual or group profile basis and enroll iSeries users to NetWare 


servers, you use the CHGNWSUSRA command (described in|“Enroll iSeries users on NetWare” on 
[page 33} 33) 


. You use these attributes to specify the NDS trees on which you want to enroll iSeries users. 


Profile characteristics 


On iSeries, a user profile can be used as either a user or a group profile. That means someone can sign 
on to iSeries with a group ID and do work on the system as a user. However, in NetWare, only user 
objects can be used to log in and run applications. Groups are separate object types that are used only to 
combine and then manage individual user objects as one entity. For example, you can specify file access 
rights on a group object basis, and the users belonging to those groups inherit those file rights. 


You can define an iSeries profile as a user object in one NDS tree and as a group object in a different 
NDS tree. However, you cannot define an iSeries profile as both a group and a user in the same NDS 
tree. 


You can define iSeries group profiles as user objects on NetWare. However, group members in these 
profiles are not automatically enrolled on NetWare. 


Defining iSeries user profiles as group objects on NetWare has these advantages: 

¢ Using groups reduces the number of profiles that you must individually enroll in your network. When you 
enroll an iSeries group profile and its members to a NetWare server, the user profiles that belong to the 
group enroll automatically. 

¢ Using groups also reduces the number of profiles for which you need to define NetWare security. You 
can set rights and attributes for a group object, and the group members inherit those rights and 
attributes. 

¢ You can also use groups to better manage access to your network resources. For example, if you install 
financial applications and data on a NetWare server, you can grant access for that server to only the 
FINANCE group. 


When you enroll iSeries group and user profiles on NetWare servers, iSeries sends only the information in 
sie brouplend profiles that applies to NetWare. The profile information that you specify for those 
iSeries attributes overwrites the corresponding NetWare attributes. Thus any changes that NetWare users 
make to these attributes are overwritten when you propagate the iSeries profile changes. 


You can add additional NetWare group and user attributes, such as user properties for a telephone 
number, fax number, and last name, from the NetWare NWADMIN utility. 


iSeries group profiles in NetWare 

When you enroll an iSeries group profile as a group object in NetWare, these iSeries attributes are 

propagated: 

Profile name 
The name of the iSeries group profile, which corresponds to the name of the group object in 
NetWare. 

Text The text description field on an iSeries group profile, which corresponds to a text description of the 
group object in NetWare. 


You can define this with the Text parameter by using either the Create User Profile (CRTUSRPRF) 
or Change User Profile (CHGUSRPRF) command. 

NDS context 
The context of the NDS tree in which the iSeries group profile is to be placed as a NetWare group 
object. 
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You can define this with the CHGNWSA command (described in|“Define network server attributes” 
lon page 18) or the CHGNWSUSRA command (described in|“Enroll iSeries users on NetWare” on 
page 33). 


iSeries user profiles in NetWare 
When you enroll an iSeries user profile as a user object in NetWare, you can propagate these iSeries 
attributes. The fields shown in bold italics are updated on NetWare every time the iSeries profile changes. 
Profile name 

The name of the user object in NetWare, which corresponds to the iSeries profile name. 
NDS context 


The context of the NDS tree in which the user profile is to be placed as a NetWare user object. 

Specify the NDS context with the CHGNWSA command (described in 

attributes” on page 18) or the CHGNWSUSRA command (described in 

* If you enroll an iSeries group and all its members, the context for each member is the same as the 
group context. 

¢ If you enroll a user as a member of multiple groups, and more than one of those groups is enrolled 
in an NDS tree, the user object has the same NDS context as the first group to which it was 
enrolled. 

— If you enroll the main group to which a user belongs, the user object has the same NDS context 
as this group. 

— If you do not enroll the main group to which a user belongs, but you do enroll one or more of the 
supplementary groups, the user object has the same NDS context as the first supplementary 
group to which it was enrolled. 

Profile login script 
The name of a login script that is run for a profile when the user logs in to the NetWare server or NDS 
tree. 


You can define this with the Profile object entry field of the NDS tree list parameter by using the 
CHGNWSUSRA command (described in [Enroll iSeries users on NetWare" on page 33). 

Password 
The iSeries password is used to set the user password on the NetWare servers. This corresponds to 
the PASSWORD parameter on either the CRTUSRPRF or CHGUSRPRF command. 

Password required 
If the iSeries system value QSECURITY is 10, the NetWare user objects that are created do not 
require a password to sign on to the server. All other iSeries QSECURITY levels require that a user 
object log in with a password. 

Unique password 
If the system value QPWDRQDDIF is 0, the new password does not have to be unique when it is 
changed. Any other value for QPWDRQDDIF forces the user to supply a new password that is unique. 

Password expiration interval 
The number of days a user object’s password is valid. This corresponds to the password expiration 
interval (PWDEXPITV parameter) on the CRTUSRPRF or CHGUSRPRF command. If this value 
indicates to use the system value QPWDEXPITV, iSeries uses the system value to set the expiration 
interval. 

Password expiration date 
You can use the Set password to expired field on the CRTUSRPRF or CHGUSRPRF command to 
indicate that a password has expired. If you change this field to *YES for an iSeries user profile, 
iSeries changes the Password expiration date to the day before. For example, if you change the Set 
password to expired field to *YES on 4/17/97, iSeries sets the password expiration date on NetWare 
to 4/16/97. 


Note: NetWare 4.1 user objects created during user enrollment are not allowed to change passwords. 


Login grace limit 
User objects are allowed 6 more logins after a password has expired. This is the default. 
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Account disabled 
The Status field on the CRTUSRPRF or CHGUSRPRF command is used to indicate whether the user 
can log into the NetWare server or NDS tree. 

Text 
The Text description field on an iSeries user profile, which corresponds to a text description of the user 
object in NetWare. 


You can define this with the Text parameter using either the CRTUSRPRF or CHGUSRPRF 
command. 


NetWare object rights and attributes 


If you plan to enroll iSeries groups and all of their members, you can either: 

* Create the group objects first on NetWare and then define their security rights. Then you can enroll 
iSeries group members without overwriting the NetWare security information. 

* Have the group objects created on NetWare during user enrollment and then define their security rights. 


With either method, the users that are enrolled into these groups will belong to a NetWare group that 
already has its security rights set. The user objects inherit the same rights that are already set for the 
group object. 


Whether you enroll iSeries user profiles individually or as group members, the corresponding NetWare 
user objects might be added to the NetWare EVERYONE group when they are created. NetWare adds 
user objects to the EVERYONE group only if it already exists in the same container where the user object 
is being created. All users added to EVERYONE inherit the security rights that are defined for that group. 


Use of multiple iSeries systems to enroll users 


iSeries user enrollment from a single iSeries works independently of any other iSeries system. Although 
you can enroll users on the same NDS tree, this is not recommended. 


If you want to enroll iSeries users from more than one iSeries, consider having completely separate user 
profile sets. Otherwise, you could encounter undesirable enrollment situations. 


For example, MARLA is enrolled on NetWare SERVER1 from iSeries A. MARLA is then enrolled on the 
same server from iSeries B with a different password than the one used on iSeries A. Now MARLA’s 
password on iSeries A no longer matches the password on SERVER1 and she cannot start connections to 
SERVER1 automatically from iSeries A. 


Set up your NetWare servers for user enrollment 


Before you can enroll iSeries users on your NetWare servers, you need to set up those NetWare servers 


for user enrollment. To set up your servers for user enrollment, do this: 

1. Ensure that youl netelled the NetWare © chanced \nlegiation NEWon each NetWare server during the 
installation process. 

2. Create a |QNETWARE user profiel on each NDS tree on which you want to enroll iSeries users. iSeries 
uses the QNETWARE user profile to log on to the server and enroll users. The QNETWARE user 
profile must have enough authority to create, change, and delete user and group objects. This could 
include: 

* Properly positioning QNETWARE in an NDS tree 

* Granting QNETWARE ADMINISTRATOR authority 

* Making the security for QNETWARE equivalent to the security of an existing user object that has the 
necessary authority 


Generally, you should use the same password for QNETWARE on each server. If the password is 
different, you must create-a QNETWARE authentication entry for each NetWare tree or server you 
enroll to, as described in|“Set up iSeries for user enrollment” on page 32 
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To set up your NetWare servers for user enrollment, use the NetWare SYSCON, NETADMIN, or 
NWADMIN utility to create the QNETWARE user object and to define its security. Refer to your 
NetWare documentation for information about using these utilities. 


Set up iSeries for user enrollment 


When you install NetWare Enhanced Integration, a default QNETWARE user profile is created with *NONE 
for a password. You need to change the QNETWARE profile so it can log in to the NDS trees on which 
iSeries users are to be enrolled. 


To set up your iSeries system for user enrollment: 


¢ lf you did not already do so (described in|“Enable iSeries to automatically start authenticated 
connections” on page 17 


), set the Retain Server Security (QQETSVRSEC) system value to 1. This 
speeds up user access by having iSeries retain security information such as passwords, which are 
needed to authenticate users’ access to NetWare. However, if you choose not to let iSeries store 


passwords, you can stilllenroll iSeries users}on NetWare. 


¢ Set the password for QNETWARE on iSeries. 


If you used the same password for the QNETWARE user objects on most or all of the NDS trees, use 
the same password for QNETWARE on iSeries. 


To set the password for the QNETWARE profile, enter: 
CHGUSRPRF USRPRF(QNETWARE) PASSWORD (password) 


Note that you cannot enable the QNETWARE profile; iSeries intercepts and ignores attempts to change 
the profile to an enabled state. If QNETWARE is enrolled on NetWare, you also cannot set the 
password for QNETWARE to *NONE. If you do, the QNETWARE user profile automatically disables the 
QNETWARE user object on NetWare; then user enrollment cannot proceed. 


* To extend QNETWARE profile changes, including passwords, to the NDS trees on which you enroll 
iSeries users, use the CHGNWSUSRA command (described in|“Enroll iSeries users on NetWare” on 
page 33}. Specify the NDS trees that should receive the profile changes or use the value *NWSA to 


refer to|network server attributes| that you defined. 


¢ If you want to enroll iSeries users on NDS trees to which the QNETWARE profile changes were not 
propagated in the previous step, use the ADDNTWAUTE command. Use this command to create 
authentication entries for the QNETWARE profile on those NDS trees. 


You also might choose this option if you want to have different passwords for QNETWARE on the 
various NDS trees. 


To create an authentication entry for the QNETWARE user profile that has a password of OWNER in 
NDS tree TREE1 in NDS context MAIN, you would enter: 


ADDNTWAUTE SVRTYPE(*NDS) NDSTREE(TREE1) 
USRPRF (QNETWARE) PASSWORD (OWNER) 
NDSCTX (MAIN) 


To create a NetWare authentication entry for the QNETWARE user object, which has a password of 
OWNER in SERVER1, you would enter: 


ADDNTWAUTE SVRTYPE(*NETWARE3) SERVER(SERVER1) 
USRPRF (QNETWARE) PASSWORD (OWNER) 


For more information, see |Chapter 6, “Manage NetWare server connections and authentication” on 


page 21 
Create iSeries group and user profiles for NetWare servers 
If you do not have iSeries profiles that represent the structure you want in your NetWare network, you 
need to create iSeries group and user profiles. (You might want to first read|“NetWare object rights and 
attributes” on page 31|) If your iSeries is already set up with group and user profiles that you can 
propagate to NetWare, go to|“Enroll iSeries users on NetWare” on page 33 
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To create user or group profiles for users on iSeries that need to access NetWare servers, use the Create 
User Profile (CRTUSRPRF) command. 


For example, to create a group profile that you name FINANCE for a group of users that needs to access a 
NetWare server for a specific financial application, enter: 


CRTUSRPRF USRPRF (FINANCE) 


To create a user profile named TOM and add it to the FINANCE group profile, enter: 
CRTUSRPRF USRPRF(TOM) GRPPRF (FINANCE) 


A user profile must have a primary group before you can specify a supplementary group. NetWare does 
not distinguish between a primary group and a supplementary group. After you create the iSeries profiles, 
you can fenrollthem on NDS trees. 


Enroll iSeries users on NetWare 


You can automatically create NetWare user objects by enrolling iSeries users on one or more NDS trees. 


This means that certain iSeries profile information automatically propagates to NetWare. Before you begin 
enrolling iSeries users on NetWare, read about/“User enrollment” on page 27; 


If you plan to enroll most of your iSeries users on the same set of NDS trees, you can simplify enrollment 
by first defining a default list of those servers and trees. (See the configuration topic on 
If you did not set your iSeries to store passwords, see also|“Enroll users when iSeries| 
does not store passwords” on page 35 


To enroll iSeries users on NetWare, you need to specify the NDS trees on which you want to enroll them. 

You do this by using the Change Network Server User Attributes (CHGNWSUSRA) command. 

1. On the iSeries command line, type CHGNWSUSRA and press F4 to see the Change NWS User Attributes 
(CHGNWSUSRA) display. 

2. In the User profile field, specify the name of the user or group. 

3. When you enroll group profiles, specify the Profile type as *GROUP. You can also specify Propagate 
group members (PRPGRPMBR) as *ALL if you want to enroll all the group members. The default of 
*NONE specifies that group members are not to be enrolled. 

4. You can use the NDS tree and NDS context fields to set the default location for the current job. 

Page down to specify the NDS tree list to which you want to enroll users. 

In the NDS tree list field, specify a list of NDS trees OR *NWSA (to refer to a [default lisi that you 

defined as a network server attribute). Use this information to fill in the NDS tree list fields: 

NDS tree parameter 
The NDS tree in which the iSeries group or user is to be enrolled. 

User object context 
The location in the NDS tree where the NDS group or user object is to be created during 
enrollment. 

Default server 
The default server in the NDS tree that is to be used to enroll the iSeries profiles. You can improve 
performance by specifying a server rather than using the default *ANY. If the specified server is not 
active when iSeries attempts to connect to NetWare, iSeries searches the NDS tree for other 
active servers. 

Profile object 
The distinguished name of the default NDS profile object that contains the login script that the 
NetWare object is to use when logging into the network. 


“Examples: Specify an NDS tree list” on page 34|/shows examples of enrolling either a group profile or 


a user profile in an NDS tree. 


Oa 
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Specify the default list of NDS trees 
If you define your NetWare servers and NDS trees in the [network server attributes} you can simplify 


enrollment by first defining a default list of those servers and trees. Then when you enroll users, you can 
refer to that list of default attributes by specifying *NWSA on the appropriate CHGNWSUSRA command 
parameters. 


When you specify the NDS tree list (NDSTREELST) parameter as *NWSA, you avoid having to change 
iSeries group or user profiles when you add or remove NetWare servers from your network. Changes to 
any user or group profiles that you define to use the *NWSA value extend automatically to new servers 
that you add to the network server attributes. Refer to|‘Examples: Specify *NWSA’] for examples that show 
how to enroll a group profile or a user profile to the system-default list of NetWare servers and NDS trees. 


To see what your NWSA values are, use the Display NWS Attributes (DSPNWSA) command with 
OPTION(*NETWARE). 


Examples: Specify *NWSA 
These examples show how to enroll either a group profile or a user profile to the system-default list of 
NetWare servers and NDS trees. 


Group Profile: 


To enroll the group profile FINANCE and all its group members on the NDS trees that are defined in the 
network server attributes (NWSA), enter: 


CHGNWSUSRA USRPRF (FINANCE) PRFTYPE(*GROUP) PRPGRPMBR(*ALL) 
NDSTREELST (*NWSA) 


All the FINANCE group members, including JOHN (whose user profile was created according to the 
Gtectone inf Cresta (Series group and user protles for NetWare servers” on page 30 are now envolled 
on NetWare. Future changes to the FINANCE profile, or any user profiles for members of FINANCE, will 
be propagated to NetWare. 


User Profile: 


To enroll user profile JOHN on the NDS trees that are defined in the network server attributes (NWSA), 
enter: 


CHGNWSUSRA USRPRF (JOHN) PRFTYPE(*USER) 
NDSTREELST (*NWSA) 


Notes: 


1. You cannot specify *NWSA as the NDS tree list if you want to specify additional servers that were not 
defined in the network server attributes. 


To enroll an iSeries group or user profile on servers other than those defined as network server 
attributes, you must use the CHGNWSUSRA command. Specify all the NDS trees for that profile, even 
if most of them are defined in the network server attributes. 


2. You might not want to specify *NWSA if your NetWare authorization differs from one NDS context to 
another and you want to enroll iSeries users in the context that matches the desired authorization. 


Examples: Specify an NDS tree list 
These examples show how to enroll either a group profile or a user profile in NDS tree XYZ. 


Group Profile: 
To enroll group profile FINANCE and all of its group members in context 0=MAIN in NDS tree XYZ, enter: 


CHGNWSUSRA USRPRF(FINANCE) PRFTYPE(*GROUP) PRPGRPMBR(*ALL) 
NDSTREELST((XYZ 'O=MAIN' PUBSRV1 NWLOGIN)) 
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The FINANCE group object and user objects corresponding to the iSeries group members are created in 
the NDS tree. From now on, users added to or removed from iSeries FINANCE group profile are added or 
removed from NDS tree XYZ. 


User Profile: 


To enroll user profile MIKE in context MAIN.PERSONNEL in NDS tree XYZ, enter: 


CHGNWSUSRA USRPRF (MIKE) PRFTYPE(*USER) 
NDSTREELST((XYZ '.PERSONNEL.MAIN' PUBSRV1 NWLOGIN) ) 


The MIKE user object is created in NDS tree XYZ and will use NWLOGIN as his login script. 


Enroll users when iSeries does not store passwords 
By default iSeries has a system value set that prevents storing passwords with authentication entries. You 


can change this system value to enable iSeries to keep passwords (as described in}|“Enable iSeries to 
automatically start authenticated connections” on page 17). If you prefer not to have iSeries store 


passwords for security reasons, you can still enroll iSeries users to NetWare. 


To enroll users when iSeries does not store passwords: 

1. Make sure that QNETWARE has a NetWare|authentication entry| for each NDS tree on which you want 
to enroll iSeries users. 

2. Define the NDS trees on which to enroll the iSeries profile by using the CHGNWSUSRA command 


(described in|Enrolling users.) 


Enrollment delays until iSeries temporarily accesses the profile’s password. 
3. To start enrollment, do one of the following: 
¢ Have the iSeries user sign on to iSeries. 
* Have an iSeries user with *SECADM authority set the profile’s password by using the CHGUSRPRF 
command. 
* Have the iSeries user change the profile’s password by using the CHGPWD command. 


The iSeries profile attributes are propagated to NetWare. If a NetWare object with this name does not 
exist, one is created with the same name as the iSeries profile. If a NetWare object with this name 
does exist, it is updated with iSeries profile changes. An authentication entry is not created. 


Propagate profile changes to NetWare 


After you enroll iSeries users on NetWare, profile changes for those users go automatically to NetWare 
and overwrite the corresponding NetWare attributes. iSeries sends only information in the|group} orjuser 
profile that applies to NetWare. Only those iSeries profiles that you enroll are affected when you make 
these changes: 
¢ Change network server attributes by using the CHGNWSA command (if you specified *NWSA for the 
NDS tree list parameters on the CHGNWSUSRA command). 
¢ Change the list of NDS trees to which iSeries sends profile changes for a particular iSeries profile by 
using the CHGNWSUSRA command. 
¢ Change the password of a user profile by using the CHGPWD or CHGUSRPRF command. 
¢ Use the CHGUSRPRF command to do this: 
— Change the set password to expired field of an iSeries user profile. 
— Change the text (description) of an iSeries group or user profile. 
— Change the status of an iSeries group or user profile to ENABLED or *DISABLED. 
— Add an iSeries user profile to an iSeries group that you are enrolling. 
— Remove an iSeries user profile from an iSeries group that you are enrolling. 


Note: Be careful about removing a user profile if all these conditions are true: 
- The user profile was enrolled only as a group member with the PRPGRPMBR(*ALL) 
parameter 
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- The user profile does not belong to any other groups that were enrolled 
- You remove that user profile from the group 


In this situation, the NetWare user object with the same name is deleted on all NDS trees that 
you specify with the CHGNWSUSRA command. 


— Add an iSeries user profile to an enrolled iSeries group by using the CRTUSRPRF command. 
— Delete an iSeries profile by using the DLTUSRPRF command. 
— Sign on to iSeries and use one of the preceding commands when iSeries does not store passwords. 


In this case, propagation delays until you sign on so iSeries can obtain the password. 


If you decide you no longer want iSeries to send profile changes for a particular user or group to your 


NetWare servers, you canjend user enrollment 


Check iSeries user enrollment status 


After you enroll iSeries group and user profiles on NetWare, you can use the Work with NWS User 
Enrollment (WRKNWSENR) command to determine their status. 


You can obtain enrollment status by user profile, profile type, and server type: 


1. 
2: 


3. 
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On the iSeries command line, type WRKNWSENR and press F4. 

If you want to display enrollment status for groups, change the Profile type field to *GROUP instead 
of the default, which is by USER. 

If you defined network user attributes, you can use the default for server type. Otherwise, make sure 
that the Server type field has «NETWARE. 

Press Enter, and iSeries displays the additional parameters: NDS tree and Server. If you specify 
“NWSA for the NDS tree and Server parameters, iSeries displays those groups and users that are 
being enrolled into the NDS trees defined in the network server attributes. 

Press Enter to view all the NetWare servers and NDS trees on which groups are to be enrolled. 


This Work with NWS User Enrollment display shows a list of NetWare servers and NDS trees and the 
current enrollment status of each group. 


Work with NWS User Enrollment 
System: SYSTEM1 
Type options, press Enter. 
2=Change user profile 4=Remove entry 5=Display user profile 6=Retry entry 
14=Change network user attributes 15=Display network user attributes 
16=Display error details 


Entry Enrollment Error 
Opt Profile Type status code Text 
IBM_TREE1 *NDSTREE 
pe GROUP1 *GROUP *CURRENT Scott and Marla 
PUBS *GROUP *CURRENT Edith and Merry 
RCHHJA50 *NTW3SVR 
FELLOWSHIP *GROUP *UPDPND Dennis and Lee 


Bottom 
Parameters or command 
sse> 
F3=Exit F4=Prompt F5=Refresh F6=Print list F9=Retrieve 
Soe users F12=Cancel F17=Position to y 


If the iSeries profile is not enrolled on NetWare, use option 6 to retry the enrollment request even if the 
status is “CURRENT and there are no error codes. 


If error codes appear, use option 16 to view error details and refer to|“User enrollment error codes” on 
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User enrollment and authentication commands 
Use the following commands to work with NetWare user enrollment on iSeries. 


Table 2. User Enrollment Commands 


Enter this iSeries 


command to... 

ADDNTWAUTE Add a NetWare authentication entry to an iSeries profile that contains the NetWare user 
name and password used to connect to a NetWare server. 

CHGNWSA Define the NDS context and a default set of NetWare servers and NDS trees on which 
iSeries users can be enrolled. 

CHGNWSUSRA Enroll iSeries group and user profiles on NetWare. 

If you specify NDSTREELST(*NONE) and NTW3SVRLST(*NONE), the profile is not enrolled on 
NetWare. 

CHGPWD Change the password of a iSeries user profile. If the user profile was enrolled on 
NetWare, the password of the NetWare user object with the same name is also 
changed. 

CHGUSRPRF Change attributes such as the description of an iSeries group or user profile. If the 


iSeries profile was enrolled on NetWare, the attributes of the NetWare group or user 
object with the same name are also changed. 


CRTUSRPRF Create a iSeries user profile that can be enrolled on NetWare. 

DLTUSRPRF Delete a NetWare group or user object if the iSeries profile with the same name was 
enrolled on NetWare. 

WRKNTWAUTE Create, change, display, or remove a NetWare authentication entry. 

WRKNWSENR Check the status of iSeries profiles being enrolled on NetWare. You can also change or 


display iSeries profiles, change or display network user attributes, try the enrollment 
request again, remove entries for enrollment requests in a delete state, or display error 
details for iSeries profiles being enrolled on NetWare. 


End user enrollment 


You can unenroll an enrolled iSeries user or group from one or more NDS trees or NetWare servers in one 
of these ways: 
* To unenroll an iSeries profile from all NDS trees and NetWare servers, change the NDS tree list to 

*NONE for that profile: 

1. On the iSeries command line, type CHGNWSUSRA and press F4. The Change Network Server 
User Attributes display appears. 

2. In the User profile field, specify the name of the user or group that you want to unenroll from your 
NetWare servers. 

3. When you unenroll group profiles, specify the Profile type as *GROUP. 

4. Specify «NONE for the NDS tree list field and press Enter. iSeries attempts to remove the NetWare 
object with the same name as the iSeries profile from the NDS trees and NetWare servers on which 
it was enrolled. 

¢ For iSeries profiles that list NDS trees, rather than using *NWSA to refer to network server attributes, 
you can remove a specific tree or server from the profile: 

1. On the iSeries command line, type CHGNWSUSRA and press F4. The Change Network Server 
User Attributes display appears. 

2. In the User profile field, specify the name of the user or group that you want to unenroll from a 
particular NDS tree. 

3. When you unenroll group profiles, specify the Profile type as *GROUP. 
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4. Remove the NDS tree from the NDS tree list for this profile and press Enter. iSeries attempts to 
delete the NetWare user or group object with the same name as the iSeries profile from the 
removed trees or servers. 

¢ Unenroll iSeries user profiles that were enrolled only as members of a group by directing iSeries to not 
propagate group member information for that group. To do this, use the CHGNWSUSRA command to 
change the PRPGRPMBR parameter from *ALL to *NONE for the iSeries group profile. iSeries attempts 
to delete the NetWare user or group object with the same name as the iSeries profile from the NDS 
trees in which the group was enrolled. 

¢ Remove NDS trees from the network server attributes by using the CHGNWSA command (described in 
. Doing this causes iSeries to delete those users and 
groups that specify *NWSA from the removed trees or servers. 

¢ Remove an iSeries user profile from an iSeries group that was enrolled by using the CHGUSRPRF 
command. 


iSeries attempts to delete the NetWare user object with the same name from all NDS trees in which the 
group was enrolled if: 
— The user profile was enrolled only as a group member with the PRPGRPMBR(*ALL) parameter and 
— The user profile does not belong to any other groups that were enrolled and 
— You remove that user profile from the group 

* Delete an iSeries profile by using the DLTUSRPRF command. 


If iSeries can no longer access a NetWare server, it cannot complete these commands to remove an 
iSeries profile from that server. In this case, the Work with NWS User Enrollment display shows the status 
of the iSeries profile as either *DLTPND, *DLTRCYPND, or *DLTFAIL. To view an explanation of these 
status values, put the cursor on the Enrollment status column and press F1 and then F2. 


If one of these status values appears, you can remove the entry from the display by using Option 4. 
iSeries processes the entry as though the delete request completed successfully. If you use option 4 to 
remove the entry, you must delete the NetWare object from the NDS tree by using the NetWare 
NETADMIN, NWADMIN, or SYSCON utility. 
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Chapter 8. Manage NetWare volumes from iSeries 


NetWare Enhanced Integration enables you to manage|NetWare volumes| from iSeries. These volumes 
contain your users’ directories and files. Before you can work with NetWare volumes, you must have an 
Fienieetsd conrection|i® the server and *IOSYSCFG authority. The Work with NetWare Volumes 
(WRKNTWVOL) command shows the current volumes on the network. You can use this display by typing 
WRKNTWVOL on the iSeries command line, or you can use specific commands to change, delete, and display 
or print information about the NetWare volumes. 
NetWare volumes 
NetWare volumes 

ge| NetWare volumes 
Display] or print NetWare volume information 
NetWare volumes 


About NetWare volumes 


A NetWare volume is the highest level in the NetWare file system. It consists of up to 32 segments, which 
NetWare automatically numbers from 0 to 31. When you create a volume, the volume consists of one 
segment that is the size you specify. To increase the size of the volume, you add additional segments to 
the volume. The size of the volume increases by the size of the segments that you add. 


NetWare volumes on a PC server can spread across multiple disks. 


Access files in your NetWare volumes from iSeries 
You can access the files on your NetWare volumes in the [QNetWare file system] on the iSeries from either 


the iSeries Navigator interface or the command line interface. 


Use iSeries Navigator: 

1. Start iSeries Navigator as your 5250 emulator from your personal computer when you connect to your 
iSeries system. 

2. Expand your iSeries server —> File systems —> Integrated File System. 

3. Double-click on QNetWare to open the QNetWare file system. Your files should appear in the right 
pane. 


Use the command line: 


To display or access all the NetWare volumes in your network, you can use the Work with Object Links 

(WRKLNk) or Display Object Links (DSPLNK) command and use the OS/400 menus. You can also use 

this method to determine the path name for the MOUNT command. To improve performance, use the 

DETAIL(*NAME) parameter to show only the name of the link. 

1. On the iSeries command line, type WRKLNK and press Enter. The Work with Object Links display 
appears. 

2. Type 5 next to QNetWare and press Enter. iSeries displays the QNetWare directory. 

3. Type 5 next to the NetWare server on which you want to access files (VTWSERV.SVR in this example) 
and press Enter. 
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Work with Object Links 
Directory ....: /QNetWare 
Type options, press Enter. 


2=Edit 3=Copy 4=Remove 5=Display 7=Rename 8=Display attributes 
11=Change current directory ... 


Opt Object link Type Attribute Text 
RCHHJA19.SVR DDIR 
CTOTREE SRE DDIR 
5 NTWSERV.SVR DDIR 
IBM_TREE1.TRE DDIR 
ITSOMO2_TREE.TRE DDIR 
LONG_TREE_NAME_THA > DDIR 
LONGPATH_WITH_ENOU > DDIR 
MENG536.SVR DDIR 
NETSRV.SVR DDIR 


More... 
Parameters or command 
ee 
F3=Exit F4=Prompt F5=Refresh F9=Retrieve F12=Cancel F17=Position to 
aera entire field F23=More options 


Figure 1. Work with Object Links, QNetWare Directory 


4. On the next screen that appears, type 5 next to your document directory and press Enter. 


Now you should be able to access the information in that directory. You can also determine the correct 
path by using the path shown in the Directory field and the name of the object to which you are linking. 


Create a NetWare volume 


The easiest way to create a NetWare volume from iSeries is to use the Create NetWare Volume 
(CRTNTWVOL) command: 
1. On the iSeries command line, type CRTNTWVOL and press F4. 
2. In the Volume field, specify a name for the new volume. 
3. In the Server field, specify the NetWare server name. 
4. In the Size of volume field, either specify a specific size or use the default to create the volume with 
the maximum available size. 
Specify a device number for the NetWare server. (To find out the device number and available free 
space on the server, follow steps [1 on page 41]through[3 on page 41]of the procedure to increase 
volume size.) 
6. In the segment number field, either specify a valid segment number or allow the default *ANY. 
7. In the Block size field, specify a size or use the default. 
8. If you set data compression or block suballocation on, you cannot turn it off after mounting the 
volume for the first time. 
9. The text is held in an NDS object that corresponds to the volume. 
10. Press Enter to create the volume. iSeries creates the volume by using either the specified segment or 
the first free segment on the device that satisfies (or most closely matches) the requested size. 


a 


Change a NetWare volume 

With NetWare Enhanced Integration you can change NetWare volumes from your iSeries. 

From the iSeries command line, you can use the Change NetWare Volume (CHGNTWVOL) command, or 
the Work with NetWare Volumes (WRKNTWVOL) command, option 2 to do this: 


¢ {Increase the size 
¢ {Mount or remove the volume 


¢ Change associated text 
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¢ Add (but not remove) data compression by changing the value in the Data compression field from *NO 
to *YES 

* Add (but not remove) block suballocation by changing the value in the Block suballocation field from 
*NO to *YES 


Increase NetWare volume size 


NetWare Enhanced Integration enables you to increase the size of NetWare volumes from your iSeries. 
You can increase volume size by specifying the new size and the segment from which you want the 
additional size to be used. 


To increase volume size, do this: 

1. On the iSeries command line, type WRKNTWVOL and press F4. 

2. Specify the NetWare server name. 

3. Press F10 to show segments that are available on the NetWare server. Note the device number and 
size of free space on the *FREE entries. 


Segments that appear as «FREE have not been assigned to a volume. You can assign this free space 

to any other volume on any other disk device under these conditions: 

* That disk device does not already contain 8 segments that are assigned to volumes. 

¢ The volume that you want to increase has fewer than 32 segments from this and other disk devices. 
4. Type 2 (change) by the volume that you want to increase and press Enter. 
Specify a device number that has a *FREE segment. 
In the Size field, specify the new total size that you want the volume to be (not exceeding the 
available free space). For example, if you have a volume that is currently 50MB and you want to 
increase it by 30MB, specify 80MB for the size. iSeries uses 30MB from the device number that you 
specify. 
7. Press Enter, and iSeries increases the size of the volume. 


Oa 


Note: Changes to a segment or device number are only recognized if you increase the size. To decrease 
volume size, you must first delete the volume and then recreate it with the new size. 


Mount and remove NetWare volumes 
NetWare Enhanced Integration enables you to mount and remove NetWare volumes from your iSeries. 


To mount or remove a NetWare volume, do this: 

1. Onan iSeries command line, type WRKNTWVOL and press F4. 

2. Specify the NetWare server name. 

3. Either specify the volume that you want to change or use the default *ALL to have iSeries show all the 
volumes on that server. 

4. Type 2 (change) by the volume that you want to change. iSeries shows information for that volume. 

5. Change the value in the Mount field. 
¢ To mount the volume, change the value in the Mount field to «YES. 
¢ To remove the volume, change the value in the Mount field to «NO. 

6. Press Enter to run the command. 


Display NetWare volumes 


With NetWare Enhanced Integration you can display information about NetWare volumes on your iSeries. 
You can display information about volume segments and file system contents. 


To display the volume segments on a NetWare volume, do this: 

1. On the iSeries command line, type DSPNTWVOL and press F4 (or select option 5 from the Work with 
NetWare volumes display). 

2. Specify the names of the volume and server in the appropriate fields and press Enter. The Display 
NetWare Volume Display appears. 


Chapter 8. Manage NetWare volumes from iSeries 41 


Display NetWare Volume 

System: SYSTEMA 
VONUMGs 3 Feats Ss er csp ey ee ws eee ee SYS 
SERVE Vacs) tears itoncreeo cence SERVERO1 
Current.-cOntext: 6. 04) wo has, 8 ROOT 
NDS volume name. ....... =. :  SERVEROI SYS.PROG.ROCH.1BM 
Size in) megabytes... 3%... % . «3 200 
Number of segments .......: 1 
Percent used: ee ti.ccc su Gs 20 
MOUNGedi es ovcec os aes vos te ees ey Sot eros *YES 
Data compression ........:  ¥*YES 
Bliock suballocation: « = @ so a $ *YES 

More... 

Press Enter to continue. 
F3=Exit F6=Print  F12=Cancel 


“ 


Notice in this example of the first display screen that the NDS volume name appears with a name 
relative to your context in the NDS tree. If you change context (by using the Change NDS Context 

(CHGNDSCTX) command), then reenter the DSPNTWVOL command, this display changes to reflect the 
new position. For example this command: 


CHGNDSCTX NDSCTX('.PROG.ROCH.IBM') NDSTREE(BASE_TREE) 


changes the context and volume displayed to: 


Current context ........ . :  PROG.ROCH.IBM 
NDS volume name. ....... . : SERVEROQ1_SYS 
3. Page down for information on block size and specific volume segments. 


To display the file system contents of a volume, do this: 


1. On the iSeries command line, type WRKLNK OBJ(NDS_volume_name) and press Enter. iSeries shows you 


a list of files in the volume and provides options for performing actions on those files. 


Delete a NetWare volume 


NetWare Enhanced Integration enables you to delete NetWare volumes from your iSeries. To delete a 
NetWare volume, do this: 

On the iSeries command line, type DLTNTWVOL and press F4. 

In the Volume field, specify the name of the volume that you want to delete. 

In the Server field, specify the name of the NetWare server on which the volume is located. 

In the Dismount field, specify *YES. 

Press Enter, and iSeries deletes the volume. 


ake NS 


You can also use the WRKNTWVOL command and take option 4. 
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Chapter 9. Manage NetWare files from iSeries with QNetWare 
file system 


With NetWare Enhanced Integration, you can manage NetWare files, directories, and NetWare Directory 
Services (NDS) objects from iSeries. You do this by using the QNetWare file system, which is part of the 
integrated file system. If you are unfamiliar with the integrated file system, you might first want to browse 


through the topics in the articles. . Then come back here for information about 
the itself and directions for these tasks: 

“Authorize users to files and directories” on page 45 
“Change file or directory ownership” on page 48 
“Mount NetWare file systems” on page 49) 


“Display information about particular file systems” on page 49 
“Copy objects” on page 49 


“Considerations for using integrated file system APIs on the QNetWare file system” on page 58 


You can also read about [considerations] that you should be aware of if you plan to use integrated file 
system APIs with the QNETWARE file system. 


If you have problems when you work with your NetWare files from iSeries, refer to |“Troubleshoot 
QNETWARE file system problems” on page 75 


QNetWare directory structure 


QNetWare file system provides a hierarchical directory structure that allows users and application 
programs to access objects in the QNetWare directory on iSeries. Like other file systems, the QNetWare 
file system uses directories and subdirectories to store data. You canjaccess this data|through iSeries 


Navigator and through the command line interface. 


The QNetWare directory is at the root of the QNetWare file system. The QNetWare directory appears after 
you install NetWare Enhanced Integration and perform an IPL. You can create and manipulate NetWare 

files and directories that use QNetWare as the root directory through application program interfaces (APIs). 
APIs allow application programming and data sharing between workstations. 


The /QNetWare directory structure represents multiple distinct file systems. 
* The structure represents Novell NetWare servers and volumes out in the network in this form: 


/QNetWare/SERVER.SVR/VOLUME 


The extension .SVR is used to represent a Novell NetWare server. 
* When you access a volume under a server through either the integrated file system menus, commands, 
or APIs, iSeries automatically mounts the root directory of the NetWare volume on the VOLUME 
directory under /QNetWare. 
QNetWare represents NDS trees on the network in this form: 


/QNetWare/CORP_TREE.TRE/USA.C/ORG.O/ORG_UNIT.OU/SVR1_VOL.CN 


The extensions .TRE, .C, .0, .0U, and .CN represent NDS trees, countries, organizations, organizational 
units, and common names, respectively. If you access a Novell NetWare volume through the NDS path 
through a volume object, iSeries also automatically mounts its root directory on the NDS object. 
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This illustration shows the QNetWare file system and its associated servers and trees. The QNetWare 
subdirectory contains entries for each NetWare server that is connected to iSeries. 


OSYS.LIB DLS GNethare GOpensys 


a, ee 


NTHSRY LS YR NHOSTREE. TRE SAW RST 
ABC SVR AYE. TRE 


DIR1 DIRz2 SYSTEM. OW 


LOTUS.CH 


For more information about file, directory, and path names; some restricted directories; and how the 
QNetWare file system supports links, read |“Details: QNetWare file system” 
Details: QNetWare file system 


When you are working with the QNetWare file system, keep these guidelines in mind: 

* Links: The QNetWare file system supports only one link to an object. You cannot create or store 
symbolic links in QNetWare. However, you can create symbolic links in the “root” (/) or QOpenSys 
directories that point to a QNetWare file or directory. 

File and directory names: The QNetWare file system does not preserve the case in which files or 
directories are entered in a command or API. All names are set to upper case in transmission to the 
NetWare server. Novell NetWare also supports the namespaces of multiple platforms, such as DOS, 
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OS/2, Apple® Macintosh®, and NFS. Even though NetWare supports these namespaces, it also requires 
unique DOS names on all NetWare volumes. For consistency, the QNetWare file system displays all 
files and directories by using their DOS name. 

Path names: A path name tells the system how to locate an object. You express path names as a 
sequence of directory names followed by the name of the object. You can separate individual directories 
and the object names by either a slash (/) or backslash (\) character. 

Restricted directories: Certain directories within the QNetWare file system represent resources, such 
as servers, volumes, and NDS trees within the network. These directories change when the system 
administrator changes the network by adding or removing a volume, for example, or by bringing a 
server online. You cannot directly add or remove files or subdirectories from these directories: 


Directory Description 

QNetWare Contains servers and NDS trees 

QNetWare/<server.svr> Contains volumes on active NetWare servers 

QNetWare/<tree> Contains NDS objects on active NetWare 4.1, 4.2, or 5.0 servers. You can 
remove NDS objects but you cannot create new NDS objects through IFS 
interfaces. 


Authorize users to files and directories 


NetWare Enhanced Integration fully implements NetWare security and authenticates each user before 
allowing access to NetWare data. After installing NetWare Enhanced Integration, you must 

for each user, or each user mist eter a connection) the NetWare server before 
using the file system. 

When authorizing users to NetWare files and directories, consider that users inherit rights from parent 
directories and that a specific right overrides an inherited right. Usually it is easier to authorize a user to a 


high-level parent directory and control which authorities you allow to flow down to lower level directories by 
using|NetWare Inherited Rights Filters 


To authorize users to files and directories (or change their authority), you use the Work with Authority 

(WRKAUT) or Change Authority (CHGAUT) commands. To authorize a user to an object with the CHGAUT 

command, do this: 

1. On the iSeries command line, type CHGAUT and press F4. 

2. Inthe Object field, specify the name of the object to which you want to give the user authority. 

3. Specify the new data and object authorities that you want the user to have and press Enter to run the 
command. 


The QNetWare file system changes the authority on the NetWare server; it does not maintain its own copy. 
“NetWare authority and ownership” on page 46)has information about these topics: 

¢ NetWare authorities and object rights 

* How the iSeries authorities that you assign are mapped to NetWare rights 


The authority to write, delete, or rename a file is also controlled by NetWare file attributes. |“NetWare file 
mode support” on page 4 


7|provides more information. 


Inherited Rights Filter and effective rights 


The NetWare Inherited Rights Filter is a list of rights that is created for every file, directory, and object. It 
controls which rights trustees can inherit from parent directories and container objects. For more 


information, refer to|Novell product documentation for NetWare “4” . You can set the NetWare Inherited 


Rights Filter from iSeries by using the *NTWIRF special value on the WRKAUT command. To display your 
effective rights, use the DSPAUT command. Your effective rights are shown under special value, 
*“NTWEFF. 
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Work with Authority 


Object. ...........: £/QNetWare/ntwserv.svr/voll/lotus 
OWE Wea acerca etraas mere stcsassceteuer nes 

Primary:group = 3%: . 4% =. et) <xNONE 

Authorization 1st: G4 we 4 2 *NONE 


Type options, press Enter. 
1=Add user 2=Change user authority 4=Remove user 


Data --Object Authorities-- 

Opt User Authority Exist Mgt Alter Ref 
*NTWIRF *RWX X X X 

_  *NTWEFF *RWX X X X 
MERRY *R X X X 


Bottom 
Parameters or command 
===> 
F3=Exit F4=Prompt  F5=Refresh F9=Retrieve 
Fll=Display detail data authorities F12=Cancel F24=More keys 
ey COPYRIGHT IBM CORP. 1980, 1996. 


NetWare authority and ownership 


Files and directories in QNetWare are stored and managed by Novell NetWare servers. When you 
authorize users, the QNetWare file system changes the authority on the NetWare server; it does not 
maintain its own copy. User authorities that you set or retrieve are mapped between iSeries authorities and 
NetWare rights. 


When you display or change the authorities of owners or users, QNetWare maps NetWare users to iSeries 
users based on the user’s name. Trustee assignments for users that do not have an iSeries user profile 
are also mapped unless the NetWare name exceeds 10 characters. Where an owner’s name does not 
map to a valid iSeries owner, Q(DFTOWN is assigned. 


Trustee assignments for files and directories on the NetWare server are mapped to iSeries. This includes 
trustee assignments for groups, especially the group EVERYONE. The group EVERYONE is mapped as 
user “PUBLIC on iSeries. 

, describes NetWare rights and maps iSeries authorities those 
NetWare rights. 
shows which file attributes are set for owner permissions. 
maps iSeries authorities to NDS rights. 


iSeries authorities and NetWare rights 
NetWare files and directories are protected by these rights: 


Supervisor The right to all rights 

Read Open, read, and execute a file 

Write Open and write to a file or directory 

Create For directories, the right to create files and subdirectories. For files, the right to salvage a file 
after it has been deleted. 

Erase Delete a file or directory 

Modify Rename or change attributes 

File Scan File Scan 

Access control Change access rights 


The authority to write, delete, or rename a file is also controlled by NetWare file attributes. |“NetWare file 
mode support” on page 47|has more information. 
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iSeries authorities map to these NetWare rights, as follows: 


NetWare Rights 


iSeries File Access 
Authorities None Supr Read Write Scan Create Erase Modify Conirol 


“OBJOPR : : A ‘i Fi 
*OBJMGT X 
*OBJALTER X 

*OBJREF X 

*OBJEXIST 

*EXCLUDE X 

*AUTL 

*READ (*R) x 

*ADD (*“W) X 

*UPD (*W) X 

*DLT (*W) X 


*EXECUTE X 
(*X) 


Notes: 


¢ Supr is Supervisor authority 

¢ The iSeries *OBJOPR authority bit is turned on when a user has any data authority ("READ, *ADD, *UPD, *DLT, or 
*EXECUTE), but is not mapped explicitly to any specific NetWare right or rights. 

¢ The NetWare right of None is equivalent to iSeries “EXCLUDE authority. 

¢ The CHGAUT command does not allow you to set *ADD, *UPD, and *DLT authorities individually. Instead, you must 
set them all by specifying *W. However, the DSPAUT command displays the “ADD, *UPD, and *DLT authorities 
individually if a subset of them are granted to a trustee from a NetWare interface such as NWADMIN, NETADMIN, 
or FILER. 


NetWare file mode support 
NetWare uses file attributes to emulate file modes. This table shows which attributes are set for owner 
permissions. NetWare ignores Group and Others permissions. 


Table 3. NetWare file attributes for owner permissions 


Delete Rename 
Mode inhibited Hidden inhibited Read only System file Execute only 
None X X X X 
R X X X 
W X X X 
X X 
RW 
RX X X Xx 
WX X X X 
RWX 


iSeries authorities and NDS object rights 
NetWare Directory Services (NDS) objects are protected by these rights: 
Browse 

Grants the trustee the right to see the object's name in the NDS tree. 
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Create 
Grants the trustee the right to create a new directory services object within the container. 
Delete Grants the trustee the right to delete an object. 
Rename 
Grants the trustee the right to change the Name property for an object. 
Supervisor 
Grants all possible rights to the user object. 


Attribute rights are not mapped. These rights can exist for each attribute of an object and might differ for 
different attributes. This prevents the iSeries from working with attribute rights of NDS objects. Storage 
Management Services (SMS) rights, which control a user’s right to save and restore a file, directory, NDS 
object, or other NetWare resource, are not mapped either. These rights are architected by Novell but are 
not yet implemented. 


iSeries authorities map to NDS rights, as follows: 


Table 4. iSeries Authorities and NDS Rights 


AS/400 NDS Rights 


Authorities None Browse Create Delete Rename Supervisor 


“EXCLUDE X 


*“OBJOPR * * * ‘ 


*“OBJMGT 


*“OBJALTER 


*OBJREF X 


*OBJEXIST 
*“AUTLMGT 


*READ X 


*ADD X 


*UPD X 


*DLT x 


“EXECUTE X 


Note: The iSeries *OBJOPR authority bit is turned on when a user has any data authority (*“READ, *“ADD, *UPD, 
“DLT, or *EXECUTE), but is not mapped explicitly to any specific NetWare right or rights. 


Change file or directory ownership 


You can change the owner of a file or directory by using either Operations Navigator or the command line 
interface. 


From iSeries Navigator 

1. Expand your iSeries server —>File Systems —>Integrated File System —>QNetWare —> the name 
of the NetWare server. 

2. Right-click on the directory or file and select Permissions. 

3. Click on the Owner button. 

4. Expand the list of All Users, select the new owner from that list, and click OK. 


From the iSeries command line, use the CHGOWN command. For example, this command transfers the 
ownership of myfile from the current owner to NEWOWNER: 


CHGOWN OBJ('/QNetWare/server.svr/sys/myfile') NEWOWN(NEWOWNER) 
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Mount NetWare file systems 


To simplify access and improve performance, you might want to mount NetWare file systems that are 
located on NetWare servers on the “root” (/), QOpenSys, and other file systems instead of working with 
them under the /QNetWare directory. Otherwise, if you step through the QNetWare menus, iSeries searches 
every NetWare server on the network. Depending on the size of your network, this can be a slow process. 


Mounting file systems also allows you to take advantage of the options on the Add Mounted File System 
(ADDMFS) or MOUNT command. For example, you can as mount a read-write file system as read-only. 
(You must have *IOSYSCFG authority to use the ADDMFS or MOUNT command.) 


You can mount NetWare file systems by using an NDS path or by specifying a NetWare path in the form of 
SERVER/VOLUME:directory/directory. For example, to mount the directory NOTES, located in volume LOTUS 
on server OFFICE, you would use this syntax: 


OFFICE/LOTUS: NOTES 
This path syntax is very similar to the NetWare MAP command syntax. 


NDS paths can be used to specify a path to a NetWare directory but cannot themselves be mounted. You 
can mount by using NDS volume objects and directory map objects. 


Display information about particular file systems 


You can display information about a specific file system. For example, you might want to find out if it is 
mounted over or display information such as the file type, block size, caching values, and server code 
page. To display this information, you can use the Display Mounted File System Information (DSPMFSINF) 
command. You can also use iSeries Navigator. 


To display file system information with iSeries Navigator, do this: 

1. In iSeries Navigator, expand your iSeries server, then File Systems —>Integrated File System 
—>QNetWare —> the NetWare server. 

2. For information about a directory, click on the diretory in the left pane to select it, right-click and select 
Properties from the drop-down menu. 

3. To display the files in that directory, double-click on it. 

4. For information about a file, click on the file to select it; then right-click and select Properties from the 
drop-down menu. 


Copy objects 


You can copy objects to and from the QNetWare file system by using iSeries Navigator or by using 
integrated file system copy commands. You can copy QNetWare file system objects into other file systems 
that support stream files (for example, “root”, QOpenSys or QDLS). However, because no conversion is 
done, the resulting file in the QNetWare file system may not be useful. You can also copy objects within 
the QNetWare file system; that is, from one server to another. 


When you copy files between other file systems and QNetWare, the authorizations are also copied, if 
possible. Because a trustee assignment on a file or directory overrides any inherited rights, the result 
might be more or less authority than desired. After you perform a CPY or MOV, check the resulting 
authority by using the Display Authority (DSPAUT) command. You can find a complete list of integrated file 


system commands in the|Integrated file system articles. . 


You_can see these examples: 
¢ |Copying a file| that needs no conversion. 


¢ {Copying a database file] that has packed decimal fields that you must convert. 
* Copying and converting a database file by using an|ILE C for iSeries program. 
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Example: Copying a file to the QNetWare file system 


To copy a file to the QNetWare file system, you can use either Operations Navigator or the CPY 


command. However, because no conversion is done, the resulting file in the QNetWare file system may 
not be useful. You can see an example of|copying an iSeries database file} that requires conversion from 


the packed decimal format. 


Copying a file from iSeries Navigator: 

1. In iSeries Navigator, expand your iSeries server —>File Systems —>Integrated File System —> the 
file system that contains the file you want to copy to QNetWare. 

2. Click on the file you want to copy to select it; then right-click and select Copy from the drop-down 
menu. 

3. Expand the QNetWare file system, then the NetWare server. 

4. Click on the directory into which you want to copy the file to select it; then right-click and select Paste 
from the drop-down menu. 


Copying a file with the COPY (or CPY) command: 


To copy source physical file FILE1 in library LIBRARY1 with member MEMBER1 to the SYS: volume on 
NetWare server SERVER] in directory DTA, you would use this command: 


CPY 0BJ('/QSYS.LIB/LIBRARY1.LIB/FILE1.FILE/MEMBER1.MBR' ) 
TOOBJ (' /QNETWARE/SERVER1.SVR/SYS/DTA/MEMBERL . DAT') 
TOCODEPAGE (437) 

DTAFMT (*TEXT) 


This |disclaimer information|pertains to code examples. 


Example: Copying an iSeries database file that has packed decimal 
fields to the QNetWare file system 


Suppose you want to make an iSeries database file available to all NetWare users. If the database file is 
externally defined (using DDS) and has packed decimal fields, you cannot copy it directly to a file in 
QNetWare file system. You need to first copy it to a physical file; then you can copy it to a file in 
QNetWare. If fields are in packed decimal format, you need to create a logical file to convert the packed 
decimal fields to zoned decimal fields. The following example shows how to copy and convert a file that 


contains packed decimal fields. You can also see an example of how you might do this with an|ILE C fo 
[Series program 


The file in this example is in library DATALIB and has the name CUSTCDT. You can refer to these 


example displays: 
¢ |“Example: DDS for iSeries database file CUSTCDT” on page 52] shows the DDS description of this 


example file, which has packed decimal fields. 


¢ lf you are unfamiliar with DDS definitions, you can refer to|‘Example: DSPFFD of iSeries database file 


CUSTCDT” on page 53} which shows the output of the DSPFFD CUSTCDT command. 


“Example: Content of CUSTCDT database file display that Query for iSeries creates” on page 54 
“Example: DDS for logical file CUSTCDTL” on page 54 


To copy the CUSTCDT database file to the QNetWare file system, you would follow these steps: 


1. Create a directory in the QNetWare file system to use for storing iSeries database files. For example, 
to create a directory on server SRVNWOA, you would enter: 


MKDIR DIR('/QNetWare/SRVNWOA.SVR/SYS/DTA') 
DTAAUT(*INDIR) OBJAUT(*INDIR) CRTOBJAUD(*NONE) 


2. To convert packed decimal fields to zoned decimal: 
a. Create a logical file CUSTCDTL over CUSTCDT: 


CRTLF FILE(DATALIB/CUSTCDTL) SRCFILE(DATALIB/QDDSSRC) 
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CUSTCDTL is the name of the logical file, and DATALIB/QDDSSRC is the source physical file that 
contains the member CUSTCDTL. |“Example: DDS for logical file CUSTCDTL” on page 54] shows 


the DDS definition of such a logical file. 


Optionally, you can select a subset of fields you want to copy to QNetWare. Just put the fields you 
need into the logical file. You can also specify an ordering sequence on the logical file. 

b. To redefine packed decimal fields as zoned decimal, specify S for the data type for those fields. 
There is no need to specify other field definitions. The logical file is built over the physical file and 
copies all the field definitions from it. 

3. After you create the logical file, you can use it to copy the data to a program-described physical file. 
But first you must create the program-described physical file. To do that, you must know the record 
length of the logical file, because the program-described file must have the same record length. You 
can find the record length of the logical file by using the command: 


DSPFD FILE(CUSTCDTL) TYPE(*RCDFMT) 


The resulting display for the example logical file CUSTCDTL shows that it has a record length of 60: 


Record Format Level 
Format Fields Length Identifier 
CUSREC 60 3B84438D4C428 


Total number of formats 
Total number of fields 
Total record length 


4. Create the program-described physical file: 
CRTPF DATALIB/CUSTSTMF RCDLEN(60) 
5. Copy the logical file CUSTCDTL to the program-described physical file CUSTSTMF: 
CPYF FROMFILE(CUSTCDTL) TOFILE(CUSTSTMF) MBROPT(*ADD) FMTOPT(*NOCHK) 
FMTOPT(*NOCHk) is required because the record formats of the database files are different. 
6. Copy the program-described file CUSTSTMF into the QNetWare/SRVNWOA.SVR/SYS/DTA directory of 
the QNetWare file system that you created in step|1 on page 50 
a. On the iSeries command line, type CPYTOSTMF and press F4. The Copy to Stream File 


(CPYTOSTMF) display appears, as in this example: 
ie =~ 


Copy To Stream File (CPYTOSTMF) 
Type choices, press Enter. 
From database file member . . > '/QSYS.LIB/DATALIB.LIB/CUSTSTMF. FILE 
/CUSTSTMF.MBR' 
Tost ream Pile: s-5 0 eae ee EA > '/QNetWare/SRVNWOA.SVR/SYS/DTA/CUSTCDT.DAT' 
COPY sOPERONS ees she const kel cee wea *NONE *NONE, *ADD, *REPLACE 
Data conversion options ... *AUTO *AUTO, *TBL, *NONE 
Database Tile CCSID . «4 « » > 37 1-65533, *FILE 
Stream file codepage ...... > 850 1-32767, *STMF 
End of l'ine characters .... « « *CRLF *CRLF, *LE, *CR, *LPCR... 
Bottom 
F3=Exit F4=Prompt F5=Refresh F12=Cancel F13=How to use this display 
F24=More keys 
& y 


b. In the From database file member field, specify the path name of the CUSTSTMF 
program-described datasbase file : 
c. In the To stream file field, specify the path name of the stream file J. 
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In this case you would use the drive letter as a link to CUSTCDT.DAT. 

d. The default value for the Data conversion option causes iSeries to use the coded character set 
identifier (CCSID) equivalent of the stream file data code page and the database file CCSID to 
convert the data during the copy operation. To use your own translation table object instead, 
specify *7BL and enter the table name into the TBL parameter. fj 

e. If your database file has a CCSID of 65535, you must enter a valid CCSID code in the Database 
file CCSID field for your data to be correctly converted to ASCII. The values 0, 65534, and 65535 
are not valid to use with this command. [J 

f. In the Stream file code page field, specify the ASCII code page of the NetWare server to convert 
the data. To obtain the code page of server SRVNWOA, you would enter: 


DSPMFSINF OBJ('/QNetWare/SRVNWOA.SVR/SYS/DTA') 


This example converts the database file data from CCSID 37 to ASCII code page 850. fj 


7. Now you can access the data from a NetWare workstation. Map a drive to the SYS volume of server 
SRVNWOA and then change into the DTA directory of the mapped drive. 


8. You can now look at the data in CUSTCDT.DAT (use any DOS editor), and you will see that the file no 
longer contains any field information. The application that accesses the data must know the record 
structure. To put more field information into the stream file (Such as a field separator character), you 
must write your own program. 


Example: DDS for iSeries database file CUSTCDT 

The file in this example is in library DATALIB and has the name CUSTCDT. The DDS description of the file 
CUSTCDT shows that the fields CUSNUM, ZIPCOD, CDTLMT, CHGCOD, BALDUE, and CDTDUE are of 
type packed decimal. All other fields are of type character. 


as 

A R CUSREC 
A CUSNUM 6P 0 COLHDG('Customer number') 
A LSTNAM 8A COLHDG('Last name') 
A INIT 3A COLHDG('First/middle initial') 
A STREET 13A COLHDG('Street address') 
A CLT: 6A COLHDG('City') 
A STATE 2A COLHDG('State abbreviation') 
A ZIPCOD 5P 0 COLHDG('Zip code') 
A CDTLMT 4P 0 COLHDG('Credit limit') 
A CHGCOD 1P 0 COLHDG('Charge code') 
A BALDUE 6P 2 COLHDG('Balance due') 

T L "Credit due' 
a CDTDUE 6P 2 COLHDG('C ) ) 


If you are not familiar with DDS definitions, you can refer to 
for the output of the DSPFFD CUSTCDT command. 
shows the content of the CUSTCDT file 
which was created using an iSeries query. 
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Example: DSPFFD of iSeries database file CUSTCDT 


Display File Field Description 


Input parameters 
Filles rr eee tee tes vee ee yes 
Eq Gaye sucnecoyeomes ceniseres tens 

File Information 


Files e vette ree tiavevs wer aetencient 


EID Ga RVit ast cancan cote cceomrcnt 
Pile sOCatOMnine. eiotcd-codeass aay ce 
Externally described 
Number of record formats .. 
TYPO Ome TAN? ve coset ex So aes 
File creation date ..... 
Text: “description” 4. . 2. . 

Record Format Information 


CUSTCDT 
*LIBL 


CUSTCDT 
DATALIB 


Physical 
08/22/94 
Customer data 


Record thonmatcaccnsers: cach csabre Nec tetasunen eomecers CUSREC 

Format Vievell identitfiter v4 3. cae woe et 39C301DBCB10B 

Numbervofetielidss f2:0% acarcueorcs mengccae tere eeemes ll 

Record lengths occ i. ce ec cce Gee aa ae 5) See 51 

Field Level Information 
Data Field Buffer Buffer Field Column 

Field Type Length Length Position Usage Heading 

CUSNUM PACKED 6 0 4 1 Both Customer number 
Filed Gib OXt slsea ce trens secaicn ene tem canst ewe rns Aree Customer number 

LSTNAM CHAR 8 8 5 Both Last name 
RileiihGexitee epee: wes semester eur n ome siister ert eenes Last name 
Coded Character Set Identifier. ....: 37 

INIT CHAR 3 3 13 Both First/middle initial 
Bile dG Oxite fone seo sekcscg eo tec hey ca ee reeeee First/middle initial 
Coded Character Set Identifier. ....: 37 

STREET CHAR 13 13 16 Both Street address 
Field text eR ee Oe ire iar ea Street address 
Coded Character Set Identifier .....: 37 

CITY CHAR 6 6 29 Both City 
Field text PAPE Ratna ae Wnath te pratt eS City 
Coded Character Set Identifier .....: 37 

STATE CHAR 2 2 35 Both State abbreviation 
Field text aig ean Nea ae Ree State abbreviation 
Coded Character Set Identifier .....: 37 

ZIPCOD PACKED 5 0 3 37 Both Zip code 
Eledutext. gc cages eueeyiersse coe meth cs venraecxe Zip code 

CDTLMT PACKED 4 0 3 40 Both Credit limit 
Pi diEeXt2ttai c+ se cutesees “Seuuseess So fu cea Ss Credit limit 

CHGCOD PACKED 1 0 1 43 Both Charge code 
Fileldistext: cco ee HE ee Se Charge code 

BALDUE PACKED bie 4 44 Both Balance due 
Bile dCeXitaigcms caseec nr gcaee sn encue ear mrme omar: Balance due 

CDTDUE PACKED 6a 2 4 48 Both Credit due 
Bled Cexiteneurntclceees nccee epcaprat sta mec aes Credit due 
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Example: Content of CUSTCDT database file display that Query for iSeries creates 


Display Report 


REPORT WIDTH! i. 5. oc sot 96 
Position to line: . .. 4. = Shite tocolumn: a. sx. aa = 
ANG? Astecere Hevsvete Li ecareis Heroters 2 ocevenesh sieceiv dt ois cra At ocaisreoh sisters Dleresarectisrcreiel DiavaiatarMiatersie Mi alerathie cater svevete berels sisisistachs 
Customer Last name Init. Street address City State Zip Credit Charge Balance due Credit due 
number limit code 


000001 938472 Henning 
000002 839283 Jones 
000003 392859 Vine 
000004 938485 Johnson 


GK 4859 Elm Ave Dallas TX 75217 5,000 3 

BD 21B NW 135 St Clay NY 13041 400 1 

$$ PO Box 79 Broton VT 05046 700 1 

JA 3 Alpine Way Helen GA 30545 9,999 2 

000005 397267 Tyron WE 13 Myrtle Dr Hector NY 14841 1,000 1 

000006 389572 Stevens K L 208 Snow Pass Denver CO 80226 400 1 

000007 846283 Alison JS 787 Lake Dr Isle MN 56342 5,000 3 10.00 00 

000008 475938 Doe JW 59 Archer Rd Sutter CA 95685 700 2 250.00 100.00 

000009 693829 Thomas AN 3 Dove Circle Casper WY 82609 9,999 2 

000016 593029 Williams ED 485 SE 2 Ave Dallas TX 75218 200 1 

000011 192837 Lee FL 5963 Oak St Hector NY 14841 700 2 

000012 583990 Abraham MT 392 Mill St Isle MN 56342 9,999 3 
ort 


KkRKKK KKKKKKKK End of repor KRRKRERK 


Bottom 
F3=Exit F12=Cancel F19=Left F20=Right F21=Split F22=Width 80 e, 


iS 


Example: DDS for logical file CUSTCDTL 
- 


R CUSREC PFILE(CUSTCDT) 
CUSNUM S 
LSTNAM 


(Ga ae ee 
Q N 
es mS 
@D vu 
Q Q 
f=) f=) 
=) i=) 
ANNNN 


ee 


Example: ILE C for iSeries program to copy an iSeries database file to 
QNetWare File System 


Suppose you have a customer file that you want to make available to all NetWare users, and that file 


contains fields that need conversion from packed decimal format. |Example: Copying an iSeries database 


shows you how to copy and convert that file with a series of integrated file system commands. You can 
also copy and convert the necessary field by using an ILE C for iSeries program. Before you use 
integrated file system APIs on the QNetWare file system, you should be aware of some considioreione 
This sample program is not restricted to the QNetWare file system. You can use it to copy an iSeries 
database file into other file systems that the integrated file system supports. For example, you could 
change the hard-coded name of the stream file path to be the current directory: ./CUST.DAT. Before you 
run the program, use the CHGCURDIR command to change to the directory in which you want to create the 


stream file. However, you cannot copy this file into the QSYS.LIB file system because CUST.DAT is not a 
valid name for the QSYS.LIB file system. 


The file in this example is in library DATALIB and has the name CUSTCDT. You can refer to these 


example displays: 
¢ |“Example: DDS for iSeries database file CUSTCDT” on page 52! shows the DDS description of this 


example file, which has packed decimal fields. 


¢ lf you are unfamiliar with DDS definitions, you can refer to |‘Example: DSPFFD of iSeries database file 
[CUSTCDT” on page 59 


STCDT” on page 53} which shows the output of the DSPFFD CUSTCDT command. 
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¢ |“Example: Content of CUSTCDT database file display that Query for iSeries creates” on page 54 


The following ILE C for iSeries program, NWCUST, uses the external description of CUSTCDT. To convert 
the data from EBCDIC to ASCIl, it uses the system APIs from the service program QTQICONV. This 
service program provides APIs to convert a buffer of characters from one coded character set identifier 
(CCSID) into another CCSID. To create the stream file CUST.DAT, it uses the open(), write() and close() 
integrated file system APIs. 


This |disclaimer information|pertains to code examples. 


To create the ILE C for iSeries module and bind it to the QTQICONV service program to create the 
NWCUST program, you would use these commands: 


CRTCMOD MODULE(NWCUST) SRCFILE(QCSRC) OUTPUT(*PRINT) OPTION (*SHOWUSR) 
CRTPGM PGM(NWCUST) BNDSRVPGM(QTQICONV) 


1. Open the stream file with the integrated file system open() API. Refer to in|Figure 2 on page 56 
This function opens the stream file for write only (O_WRONLY flag). If the file does not exist, it is 
created (O_CREAT flag). If it exists, it is truncated to 0 bytes length (O_TRUNC flag). This ensures 
that the stream file is replaced every time the program runs. 

S_IRWXU sets file authority bits. 


S IRWXU 
Read, write, and search or execute for the file owner. 


The open() API requires authority bits to be set when the O_CREAT flag is set. 


S_IRWU is used to let you read and write to the file. |“NetWare file mode support” on page 47/has 


information about which attributes NetWare sets for owner permission. 
2. Build the buffer for the stream file record. Add a comma as the field delimiter J]. 


The sprintf() function converts all packed decimal data fields from the database file into characters 
and formats them correctly with the format-string, for example: "D(6.2)". 
3. Convert stream file buffer from CCSID 37 to CCSID 850 §. 


Function iconv() converts the stream file buffer to ASCII code page 850. Use the code page of your 
NetWare server. To determine the code page of the server, use the DSPMFSINF command. For 
example, to obtain the code page of directory SYSTEM in volume SYS of server NTWSERV1, enter: 
DSPMFSINF OBJ('/QNetWare/NTWSERV1.SVR/SYS/SYSTEM') 

4. Add ASCII carriage return and line feed as a record delimiter to the stream file buffer [J. The 
character string "\15\12" represents hex x’0DOA’ in octal form. 

5. Write the stream file buffer to the file using the Integrated File System write() API J. The library 
DATALIB, where the CUSTCDT database file is, has to be in the library list of the job from which you 
run the program. 


Here is the source listing for the example program: 
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KR RK KE SOURCE Kk KKK 


Line STMT 
aie tis Savers Diente stapes Di eiegs tele a alan Bisirecsré Wise ovsie Wee sisieca Wis eveaca' Die savenecs stein cael Gexeee Mesa tevea Wiotdhisterd ale vedas Biscae ate eke,eye Qieiecaoes ate aveasie 
1 /* This program copies the AS/400 database file CUSTCDT to a */ 1 
2 /* stream file in the QNetWare file system. It uses Integrated File System APIs to */ 2 
3 /* create and write the file. It converts the data from CCSID 37 */ 3 
4 /* to ASCII codepage 850 using the QTQICONV system API. */ 4 
5 5 
6 #include <stdio.h> 6 
7 #include <recio.h> 7 
8 #include <stdlib.h> 8 
9 #include <string.h> 9 
10 #include <decimal .h> 10 
11 #include <fcntl.h> 11 
12 #include <unistd.h> 12 
13 #include <qtqiconv.h> 13 
14 14 
15 /* Include the external definition of the database file CUSTCDT. */ 15 
16 16 
17 #pragma mapinc("custmf","CUSTCDT(cusrec)","input","_P") 17 
18 #include "custmf" 18 
1 /* ------- worn n nnn nnn nn nnn none nooo 2-2 2-2-2 2-2-2 = - = === ------ */ 19 9 
2 /* PHYSICAL FILE: DATALIB/CUSTCDT */ 20 9 
3 /* FILE CREATION DATE: 94/08/22 */ 21 9 
4 /* RECORD FORMAT: CUSREC */ 22 9 
5 /* FORMAT LEVEL IDENTIFIER: 39C301DBCB10B */ 23 9 
6 fee ES aes ae rs a eh */ 24 9 
7 typedef Packed struct { 25 9 
8 decimal( 6, 0) CUSNUM; /* Customer number */ 26 9 
9 /* PACKED SPECIFIED IN DDS */ 27 9 
10 char LSTNAM[8] ; /* Last name */ 28 9 
11 char INIT[3]3 /* First/middle initial */ 29 9 
12 char STREET[13]; /* Street address */ 30 9 
13 char CITY[6]; /* City */ 31 9 
14 char STATE[2]; /* State abbreviation */ 32 9 
15 decimal( 5, 0) ZIPCOD; /* Zip code */ 33 9 
16 /* PACKED SPECIFIED IN DDS */ 34 9 
17 decimal( 4, 0) CDTLMT; /* Credit limit */ 35 9 
18 /* PACKED SPECIFIED IN DDS */ 36 9 
19 decimal( 1, 0) CHGCOD; /* Charge code */ 37 9 
20 /* PACKED SPECIFIED IN DDS */ 38 9 
21 decimal( 6, 2) BALDUE; /* Balance due */ 39 9 
22 /* PACKED SPECIFIED IN DDS */ 40 9 
23 decimal( 6, 2) CDTDUE; /* Credit due */ 41 9 
24 /* PACKED SPECIFIED IN DDS */ 42 9 
25 }DATALIB_CUSTCDT_CUSREC_i_t; 43 9 
26 44 9 
19 #define _RCDLEN 100 45 
20 46 
21 int main(void) 47 
22 { 48 
23 /* Declare rcd, dta of data structure type DATALIB_CUSTCDT_CUSREC_i_t. */ 49 
24 /* The data structure type was defined from the DDS specified. */ 50 
25 51 
26 DATALIB_CUSTCDT_CUSREC_i_t rcd, *dta = &rcd; 52 
27 _RFILE *in; 53 
28 “RIOFB_T *fb; 54 
29 char dbred[_RCDLEN] ; 55 
30 char stmrcd[_RCDLEN] ; 56 
31 char *xdbfile = "CUSTCDT"; 57 
32 char «stmfile = "QNetWare/SERVER.SVR/VOLUME/DATA/CUST.DAT"; 58 
33: int fildes, stmlen; 59 
34 60 


Figure 2. Example: ILE C for iSeries program using integrated file system APIs (Part 1 of 3) 
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Figure 2. Example: ILE C for iSeries program using integrated file system APIs (Part 2 of 3) 
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Figure 2. Example: ILE C for iSeries program using integrated file system APIs (Part 3 of 3) 


oo 


IN) ee 
DBOONDONEWNHE 


i) 
a 


23 
24 


26 


} 


/* Declare necessary variables for code conversion CCSID 37 to 850. */ 


char fromcode[32] = "IBMCCS1D000370000000"; 
char tocode[32] = "IBMCCSID00850"; 

char *ibuf, *obuf; 

iconv_t cd; 

size_t jlen, olen; 


/* Open and create the stream file using the open() Integrated File Sys 


fildes = open( stmfile, O_WRONLY|O_CREAT|O_TRUNC, S_IRWXU ); 
if (fildes == -1) 
{ 


printf ( "Open to stream file %s failed\n", stmfile ); 


exit (1); 
} 
else 
{ 
/* Open the database file for processing in arrival sequence. */ 
if (( in = _Ropen( dbfile, "rr, arrseq=Y" )) == NULL ) 
{ 
printf ( "Open to database file %s failed\n", dbfile ); 
exit (1); 
else 
{ 
/* Open a code conversion descriptor for CCSID 37 to 850 */ 
/* conversion. */ 


cd = iconv_open( tocode, fromcode ); 


fb = Rreadn( in, dta, in->buf_length, _ DFT ); 
while ( fb->num_bytes != EOF ) 


{ 
/* Create the buffer for the stream file. Each field will be 
/* separated by a comma. 
ilen = sprintf( dbrced, "2D(6,0),", rcd.CUSNUM ) 
jlen += sprintf( dbrcdtilen, "%8.8s,", rcd.LSTNAM ); 
jlen += sprintf( dbrcdtilen, "%3.3s,", red. INIT); 
ilen += sprintf( dbrcdt+ilen, "%13.13s,", rcd.STREET ); 
jlen += sprintf( dbrcdt+tilen, "%6.6s,", red.CITY ); 
jlen += sprintf( dbrcdtilen, "%2.2s,", rcd.STATE ); 
ilen += sprintf( dbrcdtilen, "%D(5,0),", rcd.ZIPCOD ) 
ilen += sprintf( dbrcdt+ilen, "%D(4,0),", rcd.CDTLMT ); 
ilen += sprintf( dbrcdtilen, "%D(1,0),", rcd.CHGCOD ) 
ilen += sprintf( dbrcdt+ilen, "%D(6,2),", rcd.BALDUE ); 
ilen += sprintf( dbrcdt+ilen, "%D(6,2)", rcd.CDTDUE ) 
/* Set pointers for CCSID 37 to CCSID 850 conversion. 
/* Use the iconv() function to convert the data. 
mien = olen = ilen; 


buf = &dbrcd[0]; 
buf = &stmrcd[0]; 
conv( cd, &ibuf, &ilen, &obuf, &olen ); 


+o -4W 


/* Add ASCII carriage return and line feed. 


stmlen += sprintf( stmrcd+stmlen, "\15\12" ); 


/* Write the buffer to the stream file using the Integrated File 
if (( write( fildes, stmrcd, stmlen )) == -1 ) 


printf ( "Write to stream file %s failed\n", stmfile ); 
exit (1); 


}; 
fb = _Rreadn( in, dta, in->buf_length, _ DFT ); 
i 
iconv_close( cd ); /* Close data conversion descriptor. */ 
_Rclose( in ); /* Close the database file. */ 
}; 
close( fildes ); 


iS 


/* Close the streamfile. */ 


«eee * END OF SOURCE *** 
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shows the contents of the stream file CUST.DAT after the NWCUST program has run and created 


it. 


a > 
[C:\]type \\J:cust.dat 
938472,Henning ,G K,4859 Elm Ave ,Dallas,1X,75217,5000,3,37.00,0.00 
839283,Jones ,B D,21B NW 135 St,Clay ,NY,13041,400,1,100.00,0.00 
392859, Vine »S S,PO Box 79 »Broton,VT,5046,700,1,439.00,0.00 
938485, Johnson ,J A,3 Alpine Way ,Helen ,GA,30545,9999,2,3987.50,33.50 
397267,Tyron ,W E,13 Myrtle Dr ,Hector,NY,14841,1000,1,0.00,0.00 
389572,Stevens ,K L,208 Snow Pass,Denver,C0,80226,400,1,58.75,1.50 
846283,Alison ,J S,787 Lake Dr ,Isle_ ,MN,56342,5000,3,10.00,0.00 
475938, Doe »J W,59 Archer Rd ,Sutter,CA,95685,700,2,250.00, 100.00 
693829,Thomas ,A N,3 Dove Circle,Casper,WY,82609,9999,2,0.00,0.00 
593029, Williams,E D,485 SE 2 Ave ,Dallas,1X,75218,200,1,25.00,0.00 
192837,Lee >F L,5963 Oak St ,Hector,NY,14841,700,2,489.50,0.50 
583990,Abraham ,M T,392 Mill St ,Isle ,MN,56342,9999,3,500.00,0.00 
Gs 
E \] eA 


Figure 3. Content of CUST.DAT from a for DOS or OS/2 TYPE command 


In this example, the J: drive was mapped to SERVER: VOLUME\DATA using the NetWare client. 


Because the fields in CUST.DAT are separated by a comma, it is very easy to incorporate the file into a 
spreadsheet application. 


Considerations for using integrated file system APIs on the QNetWare 
file system 


In addition to the Integrated File System commands and menus, OS/400 provides APIs that enable ILE C 
for iSeries programs to perform functions on files and directories in all file systems. The Integrated File 
System APIs are very useful for integrating the iSeries database with NetWare Enhanced Integration data. 


You can find information about ILE and ILE C for iSeries in the book|ILE Concepts, 5041-5606, ; 


When you use Integrated File System APIs on the QNetWare file system, you need to know that these C 
language functions are not supported on the QNetWare file system: 


givedescriptor() Give file access to another job 
link() Create link to file 

readlink() Read value of symbolic link 
symlink() Make symbolic link 
takedescriptor() Take file access from another job 


In addition to the previous APIs, you cannot use the following APIs against NDS objects, servers, or 
volumes: 


chmod() Change file authorizations 

chown() Change owner and group of file 

create() Create new file or rewrite existing file 
fchmod() Change file authorizations by descriptor 
fchown() Change owner and group of file by descriptor 
fentl() Perform file control action 

ftruncate() Truncate file 

Iseek() Set file read/write offset 

mkdir() Make directory 
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read() 
readv() 
unmask() 
write() 
writev() 


Read from file 

Read from file (vector) 

Set authorization mask for job 
Write to file 

Write to file (vector) 


You can see anjexample program] that copies an iSeries database file to QNetWare File System. 
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Chapter 10. Save and restore NetWare data from the 
QNetWare directory 


You can save and restore individual NetWare objects such as volumes, directories, or files in the 
QNetWare directory, or you can save the entire QNetWare directory. You can also save resources that are 
located in the SAV.RST directory. 


If you save NetWare volumes, files, and directories from NetWare servers or NDS trees in QNetWare, you 
can selectively restore NetWare data to the same location or to a different location. However, you cannot 
restore compressed objects to a NetWare volume that either does not specify data compression or does 
not support data compression. If you save resources in SAV.RST, you cannot restore data selectively or to 
a different location from which the data was backed up. 


You_can find information about saving and restoring your NetWare data in these topics: 
Saving NetWare data|tells you how to save your NetWare data to a file. 
Restoring NetWare datajtells you how to restore the data from that file. 


Backup, recovery, and availability) provides information about backing up your applications on iSeries. 


* More information about recovering your system is available in the book[Backup and Recovery| . 
Save NetWare data through the QNetWare directory 


You can save NetWare volumes, directories, or files in the QNetWare directory. You can also save NDS 
objects, such as organizations and organizational units. To save NetWare objects in the QNetWare 
directory, do this: 

1. If you are saving NetWare objects to a file, create one or more files for storing the NetWare objects 
that you plan to back up. To do this, on an iSeries command line, type CRTSAVF FILE(mylib/mysave) 
TEXT('My Save/Restore File') and press Enter. 

In this example, mylib is the name of the library in which your save file will be created and mysave is 
the name of your save file. 

2. If you have an authentication entry, skip to step |4| Otherwise, start an authenticated connection to the 
NetWare server that has the objects you want to save by entering: 

STRNTWCNN SERVER('docserv') CNNTYPE(*SAVRST) 


If your NetWare user name does not match your iSeries profile, you must also specify the NTWUSER and 
PASSWORD parameters. 
3. When iSeries starts the connection to NetWare, you can press F10 to see the types of connections 
started: 
Started *USER connection 1 to server docserv. 


Started *SAVRST connection 1 to server docserv. 
Started connection to server docserv. 


Note that you must have a *SAVRST connection to the server before you can save or restore NetWare 
objects. 
4. Type SAV and press F4 to see the Save Object display shown here. 


In this example, iSeries will save volume myvol on NetWare server docserv. 
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Save Object [SA] 


slLibeHyLibsLlib 


—— 
18-837 
, fata I 


Figure 4. Save Object display 


* If you want to save specific directories or files in the volume, just add them to the path. For 
example, to save all files and directories that start with the characters JEAN, type the following for the 
Name parameter: 


‘qnetware/docserv.svr/myvol/jean*' 


Note: If you use pattern-matching characters and the beginning of a directory name matches these 
characters, iSeries saves both the directory and all the files in that directory. 
* If you want to save NetWare resources such as NetWare volumes or all NDS objects in a NetWare 
4.x or 5.x tree, use SAV.RST in the path. For example, to save myvol, you would type this for the 
Name parameter: 
‘qnetware/sav.rst/abc.svr/myvol/' 
5. Press F10 to see additional parameters and then press Page Down. 
6. Change the Clear parameter to *ALL. This ensures that iSeries overwrites any existing data in the save 
file during the save operation. 


To display the save file after iSeries backs up the NetWare objects, type DSPSAVF FILE(mylib/mysave) and 
press Enter. 


Use option 5 to display the objects that were saved to the file. 


Restoring NetWare data through the QNetWare directory 
You restore NetWare objects very much as you saved them. For example, if you|saved NetWare objects|to 


a save file, you will restore the objects from the save file. 

1. Start an authenticated connection to the NetWare server on which you need to restore NetWare 
objects by typing STRNTWCNN SERVER('docserv') CNNTYPE(*SAVRST) and pressing Enter. 
If your NetWare user name does not match your iSeries profile, you must also specify the NTWUSER and 
PASSWORD parameters. 

2. Type RST and press F4 to see the Restore Object display. 


In this example, iSeries will restore volume myvol on NetWare server docserv. 
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Figure 5. Restore Object display 


The time to restore the NetWare objects varies, depending on whether you saved storage spaces or 
individual files and directories. If you want to monitor the restore process, use the NetWare Monitor utility 
at the server console. 
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Chapter 11. Print from iSeries to NetWare printers 


When you have NetWare Enhanced Integration installed, you can print from iSeries to a NetWare printer 
that uses the standard NetWare print support and an iSeries remote output queue and remote writer. (You 
cannot print from a NetWare server to an iSeries printer. However, other features are available to provide 


this support, such as HostPrint/400.) For conceptual information about how this printing environment 
works, refer to}“iSeries-to-NetWare printing environment” 


printing to NetWare printers, do this: 
1. |Set up NetWare print support 


2. |Start the print server function 
3. Also see how you canjuse multiple NetWare print queues 


4. |Create an output queuelon iSeries. If you do not direct iSeries to automatically start writers to the 
output queue when you create it, you also need to 


To enable 


iSeries-to-NetWare printing environment 


When you print from iSeries to a remote NetWare printer, you use the standard NetWare print support and 
an iSeries remote output queue and remote writer. 


As the following example shows, NetWare uses a print queue, a print server, and a printer to allow 
workstations to print to a network printer. The print queue is the object that temporarily holds the print job 
file until the job prints. The print server provides the service of sending the print job to the printer. The 
print server monitors the print queue and the printer. 


Ethernet 
Network 


NPRINTER.EXE 


Figure 6. iSeries-to-NetWare Printing Environment 
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In this environment, an iSeries user (J) requests print services from the NetWare server. The print job 
file goes to the iSeries remote output queue (J). The Remote Writer for that output queue then sends 
data to the NetWare print queue (f]]). The NetWare server acts as the print server and monitors the print 
queue as well as the printer. When the printer can process the job, the server sends the print job to the 
assigned printer ( [j). 


As each user’s spool job is processed on the output queue, iSeries authenticates a connection for the user 


to the appropriate server. Each user must either have a NetWare authentication entry (described in 
Chapter 6, “Manage NetWare server connections and authentication” on page 21) or use the 


STRNTWCNN command to start a NetWare connection manually. 


Ideally, users have an authentication entry that authorizes them to the specified NetWare print queue. The 
easiest way to set this up for your users is with You can automatically set up your iSeries 
users in the NDS tree where the print queue object is. 


If users do not have an authentication entry, they must specify AUTJOB(*ANY) on the STRNTWCNN 
command when they start a connection to NetWare. The writer job uses that connection to print the file on 
NetWare. 


Set up NetWare print support 


To set up NetWare print support, you need to create a print server, printer, and print queue on the 
NetWare server. To do this, you use the NWADMIN utility: 
1. Log in to the NetWare server as user ADMIN. 
2. Double-click the NetWare Administrator icon to get to the NetWare Administrator window. 
3. Click the organization or organizational unit where you want to create the printer, print queue, and 
print server objects. (For example, the organizational unit could be the integrated file system.) 
Create the print queue. 
4. Click Object from the menu and then click Create... 
5. Scroll down the list and then double-click Print Queue to see the Create Print Queue display. 
6. Click the radio button to refer to a bindery queue. 
7. Type the Print Queue Name and the Print Queue Volume. You can click the box next to the Print 
Queue Volume field to list valid volumes. Click CREATE to create the queue. 
Create the printer object. 
8. Click Object from the menu and then click Create... 
9. Scroll down the list and then double-click Printer to see the Create Printer display. 
10. Type the printer name, select Define Additional Properties, then click CREATE. 
11. Select Assignments; then click ADD for list of available queues. Select queue; then double-click or 
select OK. Select OK again to create the printer object. 
Create the print server. 
12. Once again, click Object from the menu; then click Create... 
13. Scroll down the list and then double-click Print Server to get the Create Print Server display. 
14. Type the print server name, select Define Additional Properties, and then click CREATE. 
15. Click ADD for list of available printers. Select printer; then double-click or select OK to confirm your 
selection. 


Once you have created a ; rint oor si and print queue, you need to/jstart the print server function 


If you want to use |multiple print queues|on the NetWare server, read how to create additional print 
queues. 


Start the print server function 


After you |set up print support} you need to start the print server function: 


1. Load the PSERVER.NLM on the server and specify the print server object name in the correct context. 
For example, Enter: LOAD PSERVER .CN=PRTSERVER.OU=AS400.0=NW, where NW is the organization, 
iSeries is the organizational unit, and the print server object name is PRTSERVER. 
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2. Start the NPRINTER.EXE on the workstation that owns the printer. For example, enter: NPRINTER 


.CN=PRINTER1.OU=AS400.0=NW. 


Once you have started the print server function, you are ready to|create an output queue on iSeries. 


Use multiple NetWare print queues 


If you want to use more than_one print queue on the NetWare server, you can create additional queues. 


NWADMIN utility to set up printing 


You do this after using the 


To create additional print queues: 
Select Print Queues from the NetWare Print Console display. 


— 


2 
3: 
4 


1 


SOMN 


Press Insert on the Print Queue display. 
Specify a new print queue name and volume. 


Press Enter to view the print queue information, as this example shows: 


‘NetWare Print Console 4,10 Saturday December 11.1997 15:27 \ 


Context: nw 


Print Queues 


Print Queues 
Printers 
Print Servers 


Change Context 


= 


Print Queue Information 


Print Jobs 

Status 

Attached Print Servers 
Information 

User 

Operations 

Print Server 


Press Enter to view a list of print servers assigned to service 


\ this print queue. 


Press Enter to view the list of print servers. Then press Insert to select a print server to add. 
Selecting a print server makes a link between the queue and the server. 

If you want to grant rights to users for this print server, select Users from the Print Queue 
Information. For more information on granting users rights, see the Novell NetWare Print Services 


book. 


From the Available Options menu, select Print Servers, select the print server, then select Printers. 
From the Serviced Printers display, select a printer and press Enter. 
Move your selection cursor to the Print Queues assigned field and press Enter. 


Press Insert to select the additional queue to add. 


If your print server is active, the additional queue you added does not appear. You must select the queue. 
For more information on printing, see the Novell NetWare 4.1 books, Print Services, 74G1439, and 
Workstation Basics and Installation, 74G1442. 
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Create an output queue on iSeries for NetWare printers 


Before you can print from iSeries to NetWare printers, you must create an output queue on iSeries. To do 
this, you use the Create Output Queue (CRTOUTQ) command: 
1. On the iSeries command line, type CRTOUTQ and press F4. The Create Output Queue display appears. 
2. In the Output queue field, specify a name for your queue. 
3. In the Remote system field, specify the NDS tree name. 


For NetWare 4.1 and 5.0, if you}defined network server attributes} you can use the special value 


*“NWSA to have iSeries retrieve the tree value you defined. (The command DSPNWSA 
OPTION(*NETWARE) shows you this value.) 

4. In the Remote printer queue field, specify the NetWare printer queue name. This value can be a 
distinguished name that begins with a period. 


For NetWare 4.1 and 5.0, if you|defined network server attributes} you can also use a partial name 


(that does not begin with a period). iSeries uses it in conjunction with the NDS context attribute to 
form the distinguished name of the NetWare print queue. 
Page Down to display the next page. 
In the Connection type field, specify *IP. 
In the Destination type field, specify for NetWare 4.1 or 5.0. The value for the destination type 
should be *NDS. 
8. Change the Manufacturer type and model to match your printer. 
9. You might want to select one of these destination options: 
*NOWAIT 
Select this option if you want the spool file to be removed from the iSeries output queue as 
soon as the entire file goes to the NetWare queue. Otherwise, the spool file remains in the 
iSeries output queue as long as it is in the NetWare queue (until the file prints or is deleted 
with a NetWare utility). The owner of the spooled file must be enrolled as a NetWare user. 
*BANNER=2’ text 
You can specify up to 12 characters that you want to print on a NetWare banner page. The 
banner page, which precedes the NetWare print job, also prints the user name. 


NO 


Note: You must type *BANNER in uppercase letters, enclose the text in single quotes, and 
make sure that there are no spaces before or after the equal sign. 

10. You might also want to specify a value other than *NONE in the Autostart writer field to have 
iSeries automatically start writers to this output queue. Valid values range from 1 to 10. Otherwise 
you must rranualy tart wtersiatter creating the output queue. 

11. Change any other values that you want or use the defaults. Then press Enter to create the remote 
output queue. 


Unless you are|starting writers} manually, you should be ready to print from iSeries to a NetWare printer. 
iSeries sends spooled output files to the remote printer queue on the NetWare network. 


The NetWare server receives the files in a print queue. For information on how to print jobs from NetWare 


print queues, refer to|Novell NetWare documentation aD 


Start writers to the output queue 


If you did not direct iSeries to automatically start remote writers to the output queue when you created it, 
you need to take one additional step. To begin sending spooled output files from your remote output 
queue, enter the Start Remote Writer (STRRMTWTR) command: 

1. On the iSeries command line, type STRRMTWTR and press F4 (prompt). 

2. Specify the name of your remote print queue in the Output queue field. 


Now you should be ready to print from iSeries to a NetWare printer. iSeries sends spooled output files to 
the remote printer queue on the NetWare network. 
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The NetWare server receives the files in a print queue. For information on how to print jobs from NetWare 


print queues, refer to|Novell product documentation for NetWare uD 
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Chapter 12. Troubleshoot NetWare Enhanced Integration 


When you run NetWare Enhanced Integration, you are most likely to have trouble either enrolling users 
and getting them successfully connected to a NetWare server or working with the QNETWARE file system. 


Troubleshooting user enrollment problems: 


If your have trouble with user enrollment, you can find helpful information in the QNETWARE and 
QPRFSYNCH job logs and in error codes. You can find helpful information in these topics: 

“User enrollment error codes” on page 72|lists error codes and suggests solutions to the problem. 
“Troubleshoot connection problems” on page 74 


“Troubleshoot system operator rights problems” on page 75 


“Troubleshoot communication problems” on page 75 


Troubleshooting QNETWARE file system problems: 


If you have problems with the QNETWARE file system, see the topic |“Troubleshoot QNETWARE file 
system problems” on page 75 


View job logs to analyze problems 


When you are analyzing problems with NetWare Enhanced Integration, you will find the QNETWARE and 
QPRFSYNCH job logs helpful. 


QNETWARE job log: 


The QNETWARE job handles the NetWare profile enrollment requests. The QNETWARE job, which runs 
in the QSYSWRK subsystem under the QSYS profile, logs error messages received during all profile 
enrollment operations. Most errors are written to the QNETWARE job log; more severe errors are written 
to the QSYSOPR message queue. 


To view the status of the QNETWARE job, and to obtain a list of previous QNETWARE jobs: 
1. On the iSeries command line, type WRKJOB QNETWARE and press Enter. 
2. Specify option 1 (Select) next to the active QNETWARE job. 


Note: QNETWARE jobs that have previously ended are included in this display only if the 
QGPL/QBATCH *JOBD specifies LOG(4 00 *SECLVL). 

3. When the Work with Job display appears, select option 10 to view the job log. 
This job runs when you install NetWare Enhanced Integration. Even if iSeries user profiles are not 
enrolled, the QNETWARE job runs to handle periodic requests for the QNetWare file system. |“Details:] 
Events that start the QNETWARE and QPRFSYNCH jobs” on page 72!/has details about events that start 
the QNETWARE job. 
QPRFSYNCH job log: 
The QPRFSYNCH job (program QSYS/QFPAPRFy) is used to evaluate user profile create or change 
requests, and to determine if the requests require enrollment on any NetWare servers. If enrollment is 
required, this job notifies the QNETWARE job of the necessary work to be done. 
This job runs in these situations: 


¢ When you define iSeries group or user profiles to enroll them on NetWare (or other) servers 
¢ When you install NetWare Enhanced Integration 
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Even if iSeries group or user profiles are not enrolled, the QPRFSYNCH job runs to handle periodic 
requests for the QNetWare file system. 


To view the status of the QPRFSYNCH job, and to obtain a list of previous QPRFSYNCH jobs: 
1. On the iSeries command line, type WRKJOB QPRFSYNCH and press Enter. 

2. Specify option 1 (Select) next to the active QPRFSYNCH job. 

3. When the Work with Job display appears, select option 10 to view the job log. 


“Details: Events that start the QNETWARE and QPRFSYNCH jobs”|has details about events that start the 


OQPRFSYNCH job. 


Details: Events that start the QNETWARE and QPRFSYNCH jobs 


When the QSYSWRK subsystem starts, an autostart job (QFSIOPJOB) runs and submits both the 
QNETWARE and QPRFSYNCH jobs to run in this subsystem if needed. 


If either job ends, it restarts automatically when one of these actions occurs: 

* You start the QSYSWRK subsystem and install NetWare Enhanced Integration or enroll iSeries group or 
user profiles. 

¢ You use option 6 (Retry entry) for any group or user profile on the Work with NWS User Enrollment 
display. The entry can be in a “CURRENT state or any other pending or failed state. 

* You change the enrollment of a group or user profile on NetWare (by using the CHGNWSA or 
CHGNWSUSRA command). 

* You set or change one of these values for a user or group that is enrolled to NetWare (by using the 
CRTUSRPRF, CHGUSRPRF, or RSTURSPRF command): 
— Password 
— Password expiration date 
— Password expiration interval 
— Status (enabled or disabled) 
— Text description 


Note: Password information does not apply to group profiles. 
¢ You change the password (with the CHGPWD command) for a user profile that is enrolled on NetWare. 
* You delete a user profile (with the DLTUSRPRF command) that was previously enrolled on NetWare. 


The QNETWARE and QPRFSYNCH jobs remain active while the QSYSWRK subsystem is active. There 
are no user interfaces (other than the ENDJOB and ENDSBS commands) to end these functions. Their 
role is to remain active in these situations: 

¢ When any profile enrollment requests are active or pending 

¢ When you install NetWare Enhanced Integration even though you are not enrolling profiles 


User enrollment error codes 


If an error code appears, use option 16 to view the error message that is associated with the error code. 
Although the message text associated with the error appears, substitution text, such as the server name, 
does not. However, when the message goes to the QNETWARE job log, the substitution text does appear. 


Some error codes have a one-to-one relationship with an associated error message. Many of the 
NetWare-specific messages, however, simply show the NetWare error code, with a generic message that 
indicates an error occurred while calling a NetWare function. In this case, the error message has some 
explanatory text for some of the common NetWare errors. Not all errors, however, are described in the 
message text. 


These error codes might appear: 


Negative error code 
These error codes generally indicate some sort of communication error while trying to send 


72 iSeries: NetWare on iSeries 


0-999 


6000 


6001 


requests to a NetWare server. Generally, only the final error appears. If you know that a server is 
inactive, this probably explains the error. If you think that a server is running properly, look in the 
QNETWARE job log} for related error messages that might help isolate the problem. 

Error codes returned from NetWare function calls. 

216 The password is too short. Change the password on iSeries to a longer value. 

220 The account is disabled. Re-enable the QNETWARE profile on the NDS tree. 


238 Another object already exists with the same name as the profile that you are propagating. 
Either end propagation of the profile from the iSeries side, or rename the matching object 
from a NetWare client. 


242-254 
The QNETWARE profile on the NDS tree does not have sufficient access rights to make 
the necessary user or group object changes. From a NetWare client, make sure that the 
QNETWARE profile has the authority to process user and group objects. You can do this 
by making the object an ADMIN user or the security equivalent to an ADMIN user. 


333 Indicates that a connection failure has occurred. If this error occurs, end the QNETWARE 
job. Then restart it by issuing a Retry entry option from the WRKNWSENR status display 
for the failing profile. 


601 This normally indicates that you specified an incorrect NDS context. Check for the profile 
in error by looking at the NDS context field of the CHGNWSUSRA command. If you 
specified *NWSA in the CHGNWSUSRA command, check the NDS context field in the 
CHGNWSA command. 


606 Another object already exists in the NDS tree with the same name as the profile you are 
propagating. Either end propagation of the profile from the iSeries side, or rename the 
matching object from a NetWare client. 


611 You specified an incorrect container name. Check the NDS context field for the failing 
group or user profile. 


637 You are attempting an update or delete operation to a user or group profile that has a 
move in progress. Usually this means that replication of an NDS tree has not yet 
completed. If the operation changes to an *UPDFAIL or *DLTFAIL status, use the Retry 
entry option on the WRKNWSENR status display for the failing profile. 


654 A NetWare partition is busy. If the operation goes to a status of *UPDFAIL or *DLTFAIL 
before the error clears, retry the operation. Use the Retry entry option on the 
WRKNWSENAR status display for the failing entry. 


668 You specified an incorrect container name. Check the NDS context field for the failing 
group or user profile. 


669 The password is not correct. 


672 The QNETWARE profile on the NDS tree does not have sufficient access rights to make 
object changes to the group or user. From a NetWare client, make sure that the 
QNETWARE profile has the authority to process group and user objects. Do this by 
making the object an ADMIN user or the security equivalent to an ADMIN user. 

Occurs when trying to send a request to an NDS tree. It indicates that the context for the 

QNETWARE profile in the tree cannot be determined. To correct the error, either use the 

ADDNTWAUTE command to|create a NetWare authentication entry] for the QNETWARE profile in 

the tree, or use the CHGNWSUSRA command to define such a context. 

There is no QNETWARE profile on iSeries. Use the CRTUSRPRF command to create the profile. 

This profile is automatically created when NetWare Enhanced Integration is installed, but a system 

administrator might have deleted it. 
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6002 


6003 


6004 


6005 


6006 


6007 


6008 


6009 


6011 


6012 


An error occurred while trying to access the QNETWARE profile enrollment information. The profile 
object is either locked by another job or damaged. If the profile object is damaged, create the 
QNETWARE user profile again. 

The user enrollment task could not contact the requested server in an NDS tree. Either the servers 
are inactive, or they are not running the NetWare Enhanced Integration NLM. To recover, start the 
inactive servers or load the NetWare Enhanced Integration NLM. 

An authentication error occurred while trying to log in the QNETWARE user to a server. Either the 
QNETWARE profile does not exist on the tree or server, or the iSeries password information does 
not match that currently on the NetWare server or NDS tree. Either change the iSeries password 
information to match the server, or change the QNETWARE password from a NetWare utility such 
as NWADMIN. 

An unexpected communication error occurred while trying to connect to a NetWare server. Look in 
the QNETWARE job log for more detailed errors that might help diagnose the problem. 

An error occurred while trying to get the QNETWARE authentication information. Use the 
ADDNTWAUTE command to add an authentication entry for the QNETWARE profile. If one 
already exists, there may be some damage, so delete and re-create the QNETWARE profile. 

An error occurred trying to retrieve user or group profile enrollment information. Try the operation 
again. If the error persists, the profile may be damaged. Either create the user profile again, or 
restore the profile from a saved version. 

An error occurred while trying to create an authentication entry for an iSeries profile. Try the 
operation again. If the error persists, look in the QNETWARE job log for any related errors that 
might indicate the source of the problem. 

An error occurred while trying to update the status of a profile on a server. Try the operation again. 
If the problem persists, either delete and then re-create the profile or restore the profile from a 
saved version. 

No password is available for the user profile. This error occurs when the QRETSVRSEC system 
value is set to 0, meaning that iSeries does not retain security information. In this situation, 
passwords can only be retrieved when the password is actually changed, or the user signs on to 
the system. 


For example, this errror might occur if you create a new group profile to enroll all the group 
members on a NetWare server. If the QRETSVRSEC system value is set to 0, passwords for the 
group members are not immediately available, so the 6011 error appears for all the group 
members. If one of them signs on to iSeries, the system automatically captures the password 
information and resolves the 6011 error. Until the user signs on, or the password is changed using 
the CHGPWD or CHGUSRPRF command, this profile remains in a pending state. 


This error can also occur if the user password has not changed since you set the QRETSVRSEC 
system value to 1. To resolve the error, either have the user sign on to iSeries, or change the 
password by using the CHGPWD or CHGUSRPRF command. 

A profile update request was sent to a server, but no response was returned within 10 minutes. 
The iSeries retries the operation. If the error persists for a particular user, check the detailed error 
messages in the QNETWARE job log for more information. 


Troubleshoot connection problems 


Message FPE0232 - User not connected to server 


If you get this message, read the second level online help. Usually the problem is that there is not an 
authentication entry in the user profile for the specified server. To confirm this, look at the previous 
messages. 


° Ifthe previous diagnostic error is FPE0215, an authentication entry does not exist. You need to [create] 
an authentication entry 


¢ lf the previous diagnostic error is FPE0234, an authentication entry exists, but the password in the 
authentication entry is *“STRNTWCNN. This can happen if it is purposely set this way or if iSeries 
remains set to not store passwords in the authentication entry. To establish a connection, you can 
either: 
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— |Enable iSeries to automatically start} authenticated connections by changing the QRETSVRSEC 


system value to save passwords. After doing this, you need to update the authentication entries with 
the correct password by using the WRKNTWAUTE command. 
— |Manually start a connection] and specify the password. This is only active for the current session. 
Troubleshoot system operator rights problems 


Some errors indicate that a user without operator rights to the NetWare server is trying to run a command 

that requires those rights. 

¢ Error FPEO23F indicates that the user needs operator rights to enter the End NetWare Connection 
(ENDNTWCNN) command. 

¢ Error CPFA448 indicates that the user needs operator rights to enter the Submit Network Server 
Command (SBMNWSCMD) command. 


To give the user the rights to do this function, you must add the user to the system object in the NDS tree. 
* For NetWare 4.1 servers, use the NetWare NWADMIN utility to find the system object for your NetWare 
server and then update the operator list for this object. 


Troubleshoot communication problems 


Request to server failed with communication error 


If you have trouble communicating with a NetWare server from iSeries and get this error message, read 
the second level help text. If the reason code is not documented, the server is most likely not active. Use 
the documented recovery actions. 

* To verify this: 


— You|loaded the NLMjon the server with the /TCP option. 


— You can PING the server from iSeries. 


— You used CHGNWSA to add the server's TCP/IP name to the |network server attributes 


Cannot access the NetWare Enhanced Integration NLM 


If commands that access the NetWare Enhanced Integration NLM on a server get no response, the 

problem could be that the NLM is not installed and loaded. Try these steps to solve the problem: 

> if you have: nakingtalled the NUM\on the carver, ceo FInstall the NetWare Enhanced Intearation NIN on 
This page also explains how to automatically have the NLM loaded whenever you 
restart the server. 

* To see if the AS4NW410 is loaded, you can also do this: 

Bring up RCONSOLE. 

On the RCONSOLE display, select and log in to the NetWare server. 

Enter the NetWare command MODULES and press F10 to see the output. 

If the NLM is not loaded, you can then load it by using this command: 


SBMNWSCMD CMD('LOAD SYS:AS4NW\AS4NW410') SERVER(server_name) 
SVRTYPE(*NETWARE) CMDTYPE(*LCLNTW) 


PON=> 


Troubleshoot QNETWARE file system problems 


This topic describes various problems that you might encounter when you work with the QNetWare file 
system and solutions to those problems. 


Server does not show up under /QNetWare: 

1. Make sure that the NetWare Enhanced Integration NLM is loaded on the server. 

2. Use the PING command to check the connection to the server. 

3. For better performance, the list of servers is only updated periodically. To force the entire list of servers 
to be updated, enter CALL QFPNTWE/QFPZCTL PARM(*UPDSRVL). 


4. If you are using TCP/IP, make sure that you|defined network server attributes 
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Users cannot see below the server volumes: 


Make sure that the user either has a connection started to the NetWare server or has an authentication 
entry for the NetWare server or NDS tree. 
¢ To see if the user has a connection started, do this: 
1. On the iSeries command line, type WRKNTWCNN and press Enter. 
2. Specify the name of the NetWare server. 
3. Specify the name of the user, and press Enter. 
* To see if the user has an authentication entry, do this: 
1. On the iSeries command line, type WRKNTWAUTE and press Enter. 
2. Type 5 on the line by the server or NDS tree to display authentication entries. 
3. If you need to add an authentication entry, do this: 
a. Specify both a server or NDS tree name and the server type in the blank fields. 
b. Type 1 to add an authentication entry for that server or NDS tree; press Enter. 
c. Fill in the remaining fields to create an authentication entry for that user. 


Users cannot be authorized to a file or directory: 


If you get a message that says Information passed to this operation was not valid when you try to 
access a NetWare file or directory for NetWare 4.1 and NetWare 5, ensure that the user exists in the NDS 
tree and that the NDS context is correct. Either the user's context must be set to the context the user 
exists in or to the job context, or the system context must be set to the correct context. (Use the NetWare 
NWADMIN command.) 


Users cannot make a directory with MKDIR command: 


One of these messages appears: 
¢ Function not supported by file system. 
QNetWare does not support auditing, so you need to specify CRTOBJAUD(*NONE). 
° If you get a message that says Information passed to this operation was not valid when you try to 
make a directory, try one of these solutions: 
— Specify no *PUBLIC authority: 
DTAAUT(*NONE) OBJAUT (*NONE) 


If error CPFAOBC occurs when you use the MKDIR command with DTAAUT(*NONE) OBJAUT(*NONE), 
use DTAAUT(*INDIR) OBJAUT(*INDIR) instead. 

— Make sure NetWare group EVERYONE was created in your NDS tree and that your job or system 
NDS context is set to the context that EVERYONE is in. 


Users cannot move a file with the MOV command. 


If you get a message that says Information passed to this operation was not valid when you try to 

move a file with the MOV command, do this: 

— For NetWare 4.1 and NetWare 5, ensure that the file owner and each user authorized to the file exist 
in the NDS tree. Also ensure that either their NDS context is correctly set to the context they exist in 
or to the job context, or that the system context is correctly set. 

— To display the authorized users and owner of a file, you can use the DSPAUT command: 

1. On the iSeries command line, type DSPAUT and press F4. 
2. In the Object field, specify the name of the file; press Enter. iSeries displays authorized users 
and owners of the file that you specified. 


Files that you create by using Client Access or an ILE C for iSeries program are always created as 
read-only. 


File modes control how file attributes are set when you create a file.|“NetWare file mode support” on 


page 47|shows how NetWare sets these attributes. 
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Checking the NDS context: 


You may want to check the NDS context if you experience problems when authorizing other users to files 
or directories or moving a file with the MOV command. To display or change the current context, use one 
of the following commands: 


Display Change 
User DSPNWSUSRA CHGNWSUSRA 
Job DSPNDSCTX CHGNDSCTX 
System DSPNWSA CHGNWSA 


Additional information about NDS contexts: 


Requests for network resources or services require identification of the NDS object context in order to 
locate or create the object. The current context is the position of the NetWare object in the NDS tree. The 
current context remains in effect until the job ends or until you change it by using the CHGNDSCTX 
command. The current context changes only for the job in which the command is run. 


To identify NDS objects, list the current context and the path from the object to the current position in the 
NDS tree. 
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Printed in U.S.A. 


